Malware Analysis Report

2025-06-16 06:34

Sample ID 240825-k8rbkawemg
Target c06b588325256f1e33bd5ac2a37bcca9_JaffaCakes118
SHA256 bc4e31f481a27a79e877c29f47c7fa9c217dd9b93aa76eb9a0ececc97984088c
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

bc4e31f481a27a79e877c29f47c7fa9c217dd9b93aa76eb9a0ececc97984088c

Threat Level: Likely benign

The file c06b588325256f1e33bd5ac2a37bcca9_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

discovery

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 09:16

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 09:16

Reported

2024-08-25 09:19

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c06b588325256f1e33bd5ac2a37bcca9_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 804 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 1708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 4064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 804 wrote to memory of 884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c06b588325256f1e33bd5ac2a37bcca9_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f70346f8,0x7ff9f7034708,0x7ff9f7034718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17293661166109898565,12075002163154230239,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3172 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 sharegods.com udp
US 54.209.32.212:80 sharegods.com tcp
US 8.8.8.8:53 www.freestats.org udp
US 8.8.8.8:53 www.hugedomains.com udp
US 104.26.7.37:443 www.hugedomains.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 212.32.209.54.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 37.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 static.hugedomains.com udp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 use.typekit.net udp
GB 2.16.170.115:443 use.typekit.net tcp
US 8.8.8.8:53 p.typekit.net udp
GB 2.16.170.112:443 p.typekit.net tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
GB 2.16.170.115:443 use.typekit.net tcp
US 8.8.8.8:53 secure.statcounter.com udp
US 104.20.94.138:443 secure.statcounter.com tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 115.170.16.2.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 112.170.16.2.in-addr.arpa udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 138.94.20.104.in-addr.arpa udp
US 8.8.8.8:53 c.statcounter.com udp
FR 142.250.179.68:443 www.google.com udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
FR 142.250.179.68:443 www.google.com udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2783c40400a8912a79cfd383da731086
SHA1 001a131fe399c30973089e18358818090ca81789
SHA256 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512 b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

\??\pipe\LOCAL\crashpad_804_DHCOEBLGAMPANDAP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ff63763eedb406987ced076e36ec9acf
SHA1 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA256 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512 ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 943bef030e52ec9c5cea9785f5788a14
SHA1 f9e0f74fe40a58a72fc22d8ba041732938c7666f
SHA256 2c0949cfb44edfcff4803bd70a13d2537affa1410d1ef9db013aa5455612dcea
SHA512 b5b602e2a116e393e9add04e41781dea23ff1c78b5504ee630e82abc4cfcfb4880b4f740240c7e3101a35673802c00af4419293a047f902ef8414ed9b392aaae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 2257803a7e34c3abd90ec6d41fd76a5a
SHA1 f7a32e6635d8513f74bd225f55d867ea56ae4803
SHA256 af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174
SHA512 e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 17f22b79c319369dae5013b9827e06a4
SHA1 3599ada6ed3c1cb78c6d942b5545b5b4bbda51a7
SHA256 3ede98216490d0d4fb900bffce474c53c2903844c0eed2f460d7ee27935b0a97
SHA512 0659e87caf9bf4febb05ede18ba2cb008b54bf3e61f24a740be9bbead998d6512469f54587e98a57d2414af9778d6b4a0ecb9a07bf07656c1c7636813f270088

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ae344ce75fe0bd0bd76f318e06009660
SHA1 ad043077874e82a879dfd596465ce4e35b29002a
SHA256 191804250807e5a66e6f0464008c7047161197c90c4570fcaabdc67d2547073a
SHA512 c0cc15db5143693fc3f41454c5ec5dbdb5574177237e218606a167d3bfc1b298af1d44251352ba5082d09dd7b6f4bc8227237c53f83ee22fc144173f80225205

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6cfc2d51a07c09ea1510312beb9b047d
SHA1 5b4179639467ef597769d3bdab8d88888acf1749
SHA256 2474ab4c976eff1b40520ac5cef2e45b8c49badd5fc2156df9c7448d09290958
SHA512 c01170241be17bcc60a593bf2533accce1419def8be8b2ef0075642dbf49c93ee75321d58ce3f26ee2af580019f1e52480920bf12bc2730b50440416c25e785c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 227508f06d550c7ed10041483a51a19c
SHA1 040d9a60fb96c6a874fc12af2c3c00b4031f5054
SHA256 b90faa1072e2fff795e2b1355da05917dffc53bd4d7324364e78423e4e2f651a
SHA512 a3b5432c18c9fd1c47f0cb2d944ef96f3b748dffe7b4d8f2cceb84c0f7457133c975626704c5412731bfd647455e2f257c1f445604d553cbc51ed244fa753273

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 09:16

Reported

2024-08-25 09:19

Platform

win7-20240705-en

Max time kernel

140s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c06b588325256f1e33bd5ac2a37bcca9_JaffaCakes118.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\hugedomains.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10106" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "142" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10106" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "218" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430739265" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0b5d39acff6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10127" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000e46a13537d031334176c4ed646eaf53133c0f4cf686fd14ebd9ac0b2b7e2cca8000000000e80000000020000200000006859670bbe961aaaab29a71f2c6ba4c5f4ccd28643c42e3a7aaaa6267b78b5859000000062bfc8bd71a12c1c7e1f1a1856dc95bc3300f336343176ebee092970680b15a06d5f5d785ee178bdbd33d8c12c2dfbdb353c20655a47b53fb95ae66c739daac966c84316dd97f213011c5b5dd8d0486bbbc0d62589e2006318e2398574a47e1724dbff50ba13f10625654d11bce2182e30da13aa670dbc98643ab45c4b31bf9aff01adc25cdeee327213cbbada9a15bf40000000273253401fcf768895d59086a4e07c6eeb1fda69f50c29ff8e7578dc75de749f38336301027b92d34bf5a705e31575914af59ee116849da53def7b8d859533c8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "303" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "136" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\hugedomains.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000009933031356d94680cd4a015c527b3389509857d7741d174a6922bb9435a2ab58000000000e8000000002000020000000f361704248092e70fcffd0f28b55004305b1c5a018de8b3587616a49c9b6a451200000009dc1a616a5b9028ad1e97eef56b6876282b27cf00d14c6cdbbff2d7a562322044000000097d685c9a7db4e99fc857129a09e96dc6b6c394aca905d538825a1694c698f2d87a7c57d079f36280b7a57264578b07bc5dd83e93991b73b0fe04e874a2f73de C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c06b588325256f1e33bd5ac2a37bcca9_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 sharegods.com udp
US 8.8.8.8:53 www.freestats.org udp
US 3.140.13.188:80 sharegods.com tcp
US 3.140.13.188:80 sharegods.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 104.26.6.37:443 www.hugedomains.com tcp
US 104.26.6.37:443 www.hugedomains.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 cdn-cookieyes.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 static.hugedomains.com udp
US 8.8.8.8:53 use.typekit.net udp
US 8.8.8.8:53 www.google.com udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 104.26.6.37:443 static.hugedomains.com tcp
US 104.26.6.37:443 static.hugedomains.com tcp
US 104.26.6.37:443 static.hugedomains.com tcp
US 104.26.6.37:443 static.hugedomains.com tcp
US 104.26.6.37:443 static.hugedomains.com tcp
GB 2.16.170.115:443 use.typekit.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
US 104.26.6.37:443 static.hugedomains.com tcp
US 104.22.59.91:443 cdn-cookieyes.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 104.22.59.91:443 cdn-cookieyes.com tcp
FR 142.250.179.68:443 www.google.com tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 104.26.6.37:443 static.hugedomains.com tcp
US 104.26.6.37:443 static.hugedomains.com tcp
US 8.8.8.8:53 log.cookieyes.com udp
IE 54.76.224.206:443 log.cookieyes.com tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
GB 143.204.67.183:80 ocsp.r2m02.amazontrust.com tcp
GB 2.16.170.115:443 use.typekit.net tcp
US 8.8.8.8:53 www.youtube.com udp
FR 142.250.179.110:443 www.youtube.com tcp
FR 142.250.179.110:443 www.youtube.com tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
GB 2.16.170.115:443 use.typekit.net tcp
US 104.26.6.37:443 static.hugedomains.com tcp
US 104.26.6.37:443 static.hugedomains.com tcp
US 104.26.6.37:443 static.hugedomains.com tcp
FR 142.250.179.110:443 www.youtube.com tcp
FR 142.250.179.110:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 172.217.20.162:443 googleads.g.doubleclick.net tcp
FR 172.217.20.162:443 googleads.g.doubleclick.net tcp
FR 216.58.214.166:443 static.doubleclick.net tcp
FR 216.58.214.166:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.179.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 142.250.178.150:443 i.ytimg.com tcp
FR 142.250.178.150:443 i.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 142.250.179.97:443 yt3.ggpht.com tcp
FR 142.250.179.97:443 yt3.ggpht.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 104.22.59.91:443 cdn-cookieyes.com tcp
US 104.22.59.91:443 cdn-cookieyes.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.80:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
FR 172.217.20.162:443 googleads.g.doubleclick.net tcp
FR 172.217.20.162:443 googleads.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 6841bfd0cb5f4f287c59f9713bf747d0
SHA1 371e3a38048f4832c517fcce81a27c50b692cace
SHA256 9a2616357ca7301d4f55644f310e652f1ee2e7b621f3915cff69057b52976bdc
SHA512 01afffb7d85caf28ef32dfebdf9a8c6864199cb03a5c5278b91db039a888a14de1a2cc8b8be6806f43b8f7698f1faf42e9dd816967f321204d3171c9ebe4d60c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\Local\Temp\CabDBEF.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarDC7F.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85dc5105d7771f37aadf3c31582bde45
SHA1 2195c3d71753362ac0d1a487774d5ee9fac74f68
SHA256 c2106f13ae76c74c348f677df0dc9cf141582d5c82e5d74c920e2632fe9a1406
SHA512 d1c38f5ea4ecf72fefd91b10329661e88a89864816d58af16c614ae2998699d3e2f24c3a812a6c3480669e9593dd8a1e55f3aaf52ee0456f5c27f6d9642dc315

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89fa03875b46667bfbfd955d79e50000
SHA1 17d728de09181e22244c2e9e82a7b01d2e4e75a2
SHA256 5c5c79dcfccc5272b086793ecc25b60055d2f03851c01e0a85f9b8af96265a6b
SHA512 792ede7fdff3c2647be1e9bf6be31aee188b680ebde042581b71d6cfd7041ba25a98f12018372578a379f6dfcb6a9537d738016f6b79d567a55f78b6ac20ae06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a62b5337721c128f431cfbe6220fa1e5
SHA1 479001a1e947ee85186447b1aca82c18648e22b5
SHA256 c276ea66eaa2a8f9ca5bac38f62e7c0a8f4c8c0d652e469b7bebeaf1c4e34396
SHA512 8388b68c1f1aeac493052c9d495fedcee156dd49c236cead31ff71b73a9c25b53dc07396f571b807a4914533f2bbdb23e423ea3330b66d873e680699945a438b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df1d41f51053a3ae612558f9cae855a5
SHA1 0180e5459e1e48015191125686ad14c9c5f75631
SHA256 a84ed9fe89484f67c130ea7cdcfa534b56ce9f4746f9a2550d8645399ff24bc5
SHA512 cec7d1b6e34ebb92958502e77c7099bbe14e4cbbadd442ffd5e1bfb48a9c3446e98d839e185af1ca06f7d3f4b66df7ba0e91111dba8dc6f5c1c4608827288370

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be99001bd59bce1f5ee2de731d5ae33c
SHA1 75f34bf0ecfbd92bea9e0c37d1d9deb9355e9135
SHA256 7fa1790c8caf04944c5fdc183a04e6097de2652b5aa6c1f45233f42d890e371a
SHA512 f7664c44a57ad69d8fd10947bb6248d264d6321e3479d0cc4b12677edc20823f415f0c758e4dfeedd2be2a05bb473416b1c1d96137b5ed65964b5579d0329c32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa873977a68ed8b1fbce366cd6b0ec58
SHA1 07fe803054ba196e008265ae3d8ee072c8ecf9c9
SHA256 467519c2bac68a8b60ad552b1cec06a28c9f9a654346bb46c8b5013fea4f33ad
SHA512 beb379aae9fed8304403e240d8feb29c52721eefa793790dfe732a5232420821efd2c15528851872b7830089ae95c2a15673af46356cdad90e2a48e30f12e02a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 486506e25192257b2ce2617f135b6f3d
SHA1 97671c18094d3bfb50988c4f3dc3811a2e3759fc
SHA256 32d4d3fcf641ef78006f3f73d06321b0d69cf53af4244f4649822a15e8c1e299
SHA512 7fc56e6c41c9dcbe9c4dff602344b9eaae853c251796a37081ed1fafbea41d56b97d3c3587e3e918b1a544c944d6fe49b376f1938e8db0c50a258d27843fc0b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d261df2eaeb1b8e8ee64d0290fa6d02a
SHA1 d9839b46147b114560e428a0ae9d210a4afab5c0
SHA256 9f85891fdc843660ddaa680ee6291470d0722c938ccdedc3ee6512a2e53b5310
SHA512 2c61c96a4ac44e934d37675ba6fa305ace0e133e096e205e966599454d21874115761e07ea7d6d371975a471d12bcf133b005f3246a84caf355a5c3e85d84c14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1af1630516e90afcea62dda9f732387
SHA1 7e3331ecb0ab6921879deb90bcd4cbc0666c1c73
SHA256 bb22a93d2efa7bfc1144ece1ba354c8a4191287e71ab9cf3306afea4e254a829
SHA512 4f0e119e33adcbcd33d1765d1971dd04a105c2c70126cc1f645bdf7d0245304b22f4f0711d82242a941b195bfa32459c83e1958c7f0f4c1b99f8801374b133d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc508464838d902c9e62393d19f0c545
SHA1 7a9fd8f62ac7551cac2c241528ea072b007a6063
SHA256 75e5a4ca94b1b0099b6fa858eef6f3c98499803f9cc71089e92574ec5e3578d5
SHA512 974af34bef2ab7717334bf6849894db274b074b227f838147d8b0e074ee6c3a284d0337bbd1a8debaaccace8fd880eafc3af2040d1de3e2af0c56ba1952880a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 028eb696ec18609e5a22c7846ad81044
SHA1 b57cba16eb61b60f34991fdd30134514f405e17f
SHA256 da0aa1babcb631c2df241d12fd124c3ddc75a957ba47f16ed71a5551e2ee678a
SHA512 30c5ef7b92505916f423680566764a07f0cbf9052e00bd07363a437e178633d3a673ee598a8e617f61559b84388ca4b8ea3bc6a0f588bc01bee52cd0a677d145

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f79a27ffc8eee0cf333aab9c9e2978b0
SHA1 275a26851f3d27f41570375b35875a7eae527df3
SHA256 ff143c508f645ff3fe0e311275a84251bc4f19f093f4f92581693fcaf7b224d8
SHA512 718e75d1c4e4f8a7ed672df1655d210478fd3ef6a15c2455ac41361aa1114eec520cbcb1a4d08ca3e5c48d232a6e5698dd641780ac076a6477d88433003be5f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f252f56e0a851a0f1a437232644bdf1f
SHA1 130f6bde6b0e3c842cfcaa58a60e3e60e25c52d1
SHA256 eeb0928b95f0d5bc7bf013da29af78d52374e6a8b2d719151aea468e0f1afd1e
SHA512 fd49cda8a98bf8085cd0be5c8276b996752a940915fcefd9888585ea632a24307c6b63abbe6365f6d841d289688716a6988c15f3e9a807afd0708a5802e570be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96ba9b323288aa6d83acf3341ef00d67
SHA1 3a851ceac05e3b1bfe1cefa6e515488462535b16
SHA256 781a42edbc97c56b2465477c78d96188861e360f8b831446044c3dc6c6389317
SHA512 edfcd93fbb54313ede130a95fe623c430d2898968dd180326be45c36822662343dc2f70647334e141e34fa06d321a7f0bb8071f8cf89d92714703e34551cc77e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 610ebab5876b88d4cc62c404f4b5e45a
SHA1 e7149096768e92e241af6078abfd975e9c4cfe3b
SHA256 153be1dd83882998eac873dd8d608db69995fec209719975f7085c70dd98722c
SHA512 aa47467cfae3ab110daf7991e84f8f2429e08c538b8c14a5b565f9f73656a3d33c44a2ef398d423736609edddcf66bc2263c86d632ca41f74ca04c757cbd1a5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d18facfc68ba83b6da2af34ef40cd1ef
SHA1 d6e5bb7eb8be1c2fceee8f953a23dc0b98694874
SHA256 f49200160ffeb32b9277809ec7a52072f730df9118810f66f08fe3cdf2369f1c
SHA512 3a9041d266d40f5760f593f5dcb0917020eac05c1280f18411068021298f322b6b1c42ad6e3da175ebdafbe2092a4f69df6e51d128694e9246a3ce589556034d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ade9bde9d9703403539f6f62c638cea2
SHA1 f49c85dc9b0df1cc7e03381d605c6754db983008
SHA256 379f1b1cae6af86f1d099602f76b744f83e5afd30a7de31b4ff5831901b31678
SHA512 165d7a5ebba022951ba5d0106f5b4a0bccea4939cca32d74a31f98f72270e8e1d1b7e849b2e679bdb2bd15c7a79c0fbe70017e8d73dbed76e36a1dabf1df939b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4552d4c019963bdc56a011460d63e389
SHA1 3423d8b585e16c7d19db45f322f846b7a0b649ea
SHA256 ad4d5162ad1dd835b05dca2f458732c3000dda0d3f6713929edfca05a3009ce5
SHA512 429f9ad7c1e8d2e0be61a41359f68c243791f9f2896912c4e642490cb31a6494f8bcd9225efdc604c5771fe184725667f437df6653ab9e23eaf6d2f51251cff6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2483022115226e3236e8685ee16a4af0
SHA1 d06164548b6e6074dd0e28975ae5634c29d8e224
SHA256 4b26040f466b527c14c25b7bf32d3f37d85c77530edfb351812935d5732249a7
SHA512 ae64e069236cd14b306241a5956412f8d7166f78cb86d4b3f6445a114cdd2a12cf0a1b53b3fbac80ccccdfb61c1dc21975e8702a819c30f3b90146f0f0cb3df1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35525b11d4834e0eb4752fcc1b446954
SHA1 a78a189855da253a32306c3f61b7ed57b93bb43e
SHA256 52be9ddfa4f99e325c833f982496c500fd23eb3d89a9f884152780c29bfbb90e
SHA512 e55ad0073e114c383e6067929fc1c9c9b8220a3550e435d1650d488039dedfe07fdd5c5fd0f36f8deed860bd6801582a2973df29d37fe845316167c947b74fce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f11f11daaf2137226cdaac06c416ad76
SHA1 7d6198b94b74d67200e0b6b71aaf74ee7d743d52
SHA256 089ef147085f6b14948c3b875c4ad229707490bc7b8e4eba42171550dad1362b
SHA512 98004cb8060ab894df9c23006918ef476862afafa5d8cfc9d47cb7f55716c59e93a20dd7971878d0705ced96eeed8be9c03a8b1d23c4023cf83ce3631aba6b3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0797cb8cfa3c53b296d1e5541c6e901
SHA1 d8be525fd178570020f0d067368afbcec98df5fc
SHA256 831ab686b33efed149c38cd5e8643e33c874d9eae8672d8990f2771d6e9749d6
SHA512 9cd4dfaa6c23dd9fd276f6dedc01e80ceaf9686f3bb22b6a9574ef3503a849240f919a938aa1ceee04db2fcbc5d645d5759d3e22d470eda9574e700433d60f1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc3ba632e0468e60ab0c6bbfc8d6d498
SHA1 c4882b0544c5dc015f03347bd1120bda7741b080
SHA256 a4199f21c3fd51e8e9853d11b24b299431640c9ab3a48221cafa2cc035b5c5cd
SHA512 8c37e1c9997073cc42cc6f4d8b61c872f42d9b75ef949da6c55a1613fe169e0a2308d71de293c40e72040728c9b2d1fb8b81b2dca89dc19af53d782ee7bc282f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b370a30e955298ee0cb570db0c43efe7
SHA1 c441ff5039fe9ff2a1f647447325e2bb9c95568d
SHA256 f2ca4ed49d5378a7284b7b10ce9be688f3b1a01a6d4eb57ee6a3089ffe8d6980
SHA512 33feabb825bab928fd11fd2a0a392e1087e00b8a5cf0a0836ca7d2d0cf746af15b7beb1b620fc31777b12edd4fee73b33b0a8fd4b567d59cdefce09b0c0b77d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7be6ac65b70d6c34ad2130729693f873
SHA1 63d44f6b7b41a146108f5448d15c8b53d535bd03
SHA256 0eedc634857154a86c084a5b390299b6386aca1538d3bc74ab12d1c513dbbd11
SHA512 ab144648e43951b3e4d06fede006a17a61b53feff69a0ddf8df993a9c540e6332a1537b4b6f2bd23626e13660a4a1517acca6abc1e9e634c4e3524c37d093d9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495

MD5 f90ef720f8c990b8b299ca9cc25f5b08
SHA1 c1195da95d2c1d13a4931ea5df81c79cca8df6b7
SHA256 0e1a4c700079f5cffbacc66d5c4e942bc61cd50993d50a0cd23a1d1709ae1792
SHA512 2f71810cb44f44b9ec128ee784fe7d08d2a72b915d74637a93e8484bd1b53dbf8febb7d6662c773b7a670d2c88ca37e6a2aed434c2703304b77a68736aefdb1c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\script[1].js

MD5 28becf0e5ce8d65f6f9e33e5954a1a79
SHA1 69d67a8f41d803b62218f02a28ebaf53f32e072e
SHA256 c59fa2847d6798cd7b5ebbd9b7832eb95e6b8aeffff195d3312ac7094049ac50
SHA512 3d6734183f99b73e5bf6097f2f388ca83ca7d20a849b77c871e28c2cd3e65d9fc0a020fbd349b08bbd916493089396386623d695af964a6a1f273429cca1ad6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d0a2d59aec55568de17799649d57c21
SHA1 91b1416534fca7c75445924b08c1fd169b90613c
SHA256 235b4f468f0b37e7427f3ec3b8d1fc358c30903ec8c7740c33eaa92d3fc60aa9
SHA512 e85392927b39a9aee53fe99e9cc7d0434f55beff0c03f3c954c292adb3588f625bb5206153044722daf3a03a4674673258d5c675fe0db1dd7a496610cc2b33aa

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\banner[1].js

MD5 4cd248450931bf118d5bffae2777dca3
SHA1 4f4fe0db06f3168f71bc0b40f9de4814931542ae
SHA256 d743530c678c3add15f37b5245cb441a9ba579e73b9b6af086fd5bfcbdf15e54
SHA512 4ba3caf2ec7c15d76d9acf686b09fc7466767dd5fd0b86a0298b4f4397275319b307166b59a6bb9ea8244b64347c2cfc95213293a1963443bbf19588189c4853

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc3a8cf94f038ca7434fa88f8197eff9
SHA1 f0b8c1e651c50001fe4385f5ec92dae51550d798
SHA256 dc525cea3eaa73114c89981ecae2932aa6aecfa85f29c4c482c87b904d9e8d9a
SHA512 5506a38d5ea8b9581bfa527f24b8e7a84ea56f4063e0beed0772f3fd4485f97a465c60ea6fbfa9a29c3f2568507d7572710dffe5af80dc964662445c57ff703a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cac0f668547e4a9ff1c357992adaf8fe
SHA1 17354c10e5b8fed9050af934c36f34185a307b22
SHA256 257244b8080ff32d96ecd1e4c022e255ad1c051baacf2cc5857f13f5f5b331f0
SHA512 8106a325f6775243de61b6448162bdcfccde143f711a30dfbc56444792c5df2d946104326d4b4f22f3d05e5982ee76025060a1e90a7781b53b033ce49025c3eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e44c1a75578a651fd836dd690736538d
SHA1 405ad88d03f2b62eb6c1d862d5540c98eb794e5c
SHA256 d555c66e58780cd5a4e7a40eaa2a4b08eb1728d0a84ae3c5c9adb7c0384c7c57
SHA512 c4286c16aa687593b27d61ddcc49c8aa71a6e26c07b3913c73dba578ffef802c8f97a4bbade7413fd6401c41e4edabdf27fe5beb895b6d2cf6864ab107cef7f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57ca779449d481fc104cd2a29ec76f6a
SHA1 79c4103d61602d3ccb826d8e855732fc9504c4b9
SHA256 ecf4b715c4105d05bec458d919be9e77d7f41a57a0c3ca99250a9a7fc38b8ac5
SHA512 b7ecf57e3bb00af9719aaf7f3e8b8a2b62b73931119e204cfa36fdca8bfb9384cbf46cf12e7c97163d3368aff0179dd4b6a0e85df0dc3b719637b3515a46e41f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07e05fb21b46f1b35862e9986078570b
SHA1 5f3f97f0c4c59fedb256839f251f282e46ebc57a
SHA256 d30ecea49f496530113c9dcd6b4caf2d6a7831dcde26565f422e115a1b5eee30
SHA512 87b5530059dd6d4eda05841628b2b1a02c0e03ad4de14721c2519687fa31f2671e28efab46ce42b946fcd5e58fb2803b95d829fdd928f653dd461aa300f79b43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f0d014f6548479cec004d381f2f1edc
SHA1 4bcdffbb85994f95b31181fc97a82b91e39527ab
SHA256 ddf756ac7367d700d4c23ca840fd9adedb9d48d2a02640bfeebbeeebc40bb85b
SHA512 7e2f56cdc1c8b1e75e8b30af1cbf25447f75733f197a6618c37fe7be3a6b354ad3a06cce0f80e20d6a0a0338445e3afa4d8b459fcbaaa94da65095d288cdc473

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9cc3335ec8557cbcfa331261dd2c947
SHA1 559ca6619114e5d90fb7f679bc1c0a6e99f89c5a
SHA256 1fad153ebd85d4f11252607cd7582036901166ebb094352071947ad6e75484d1
SHA512 94a8d2f87ac6e3a4595ec69073afc4f3bfbe696a142a9d2b0768333271d4a7ba45f4e4d010cc2be2d1777fc3a5df563b8c5e290a10eb7b96fff8a37905cdfb54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69f919f604f1c7707d36f2d4e337f523
SHA1 797610f035ecdf61a5cc9c4c92ddb9feb26988a0
SHA256 65f308883bda843991fc26cf8a67becace2912bfd4e0b3934270a34ae2698b27
SHA512 29f502198f86a94a590b206cafd56b0ef27aeda34252bc2ac5edc19a129abde769f6cc9767e37ca3e4cc6ab6c2f0b134702e92ac27f65b948effe19000372e88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa33823f7c96c7ee0f65d67dc7a1964d
SHA1 6f4f5957d026368021119bae714b6a6c68f8811e
SHA256 eadba4293f94e4fbf2eeeec6738a78217a3a5b26311172fc89ea9ff563076004
SHA512 8bea49e98d83fd556e7d516bcb0b98c135a74aeea4b922c05387ee6d872b9a0354b21b2201f8785ba8c2158c56f39b2a24460ff711564d3092b3ed668c7d3451

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ba5c398257a0d92acfc94206f85efdf
SHA1 69c9fc462bf1a50f565442a9676fff087191d072
SHA256 e388d8828a91165c7b0c4ca39ca9b710480a342f459feca7a2c73208c8f55e73
SHA512 a887f0276fc9354bc3579449954f6dc0570a5a9c0562384ac8562f24e8965658b85ff6add0e4fd225f71f85dc00af6e3c477e538d5dbe4a72f5cbb57c426e86d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0df0b409c93b8fc8e39e95be8038906
SHA1 3be722d6408ad90062ef37504237aa9afd7d4d85
SHA256 2cb33ef30e6f9dfdbed07516033912644ecef08b231633ed0217a5c4c797f56d
SHA512 ad97e0ada24695fa0a50d9acb5373cff3070f9e5c9e654cc57ffc7bb0d6d8d5dda85b684fe3b9c8788d5898f8d7ceaa0849bc13460c1ee620e6c326c64ccf99d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1a63f33d600389c419994e392d3d3d1
SHA1 14d55578608e5a47ca110dbfbb6dafdc91e84f7e
SHA256 473a0872ea905fbe4f38d5b2514454f678e9b7207c3ec0ae6e2a366c1c2f2922
SHA512 45b69139506c1eeed3d2131b3530dd15c432cc57d60a29a3be842f53420186afa085d1494d1d513ed4eb27e993d48dde172314a77125b8bb443afe0d51b32c84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca0081366b0b93c7e7cff1e511ec547e
SHA1 d37a451ad84e8dd2d4fb56e92d2655ad083d930c
SHA256 688d365088478a3635b1c5925f7f19b331ba835498310b7c8233108a929cf144
SHA512 92cf719345e13c31c6b137b4996d9ce8347c1fb68403c818b1a8c75bfe571898b485e94eff18435259157393296ee3bb4eaedea1d18a7051361031406e299637

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bb0987e47ca738facc9ebc47e600746
SHA1 acadb4c39438a0ff43265924f87e021650ba8438
SHA256 67575a73835c525d8b01d83afd2dfc32b218172d83a2b3681abbff0f1186bd42
SHA512 3be25f3bb4b685626aa52f1a06eab2cbde40460deed3f1f3dfba4f49ef7b2394335d3215399cdc087ba25739b2c94dd3625970a93a0b373baf53ecfa85f32a39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d75bfa755ef3f3914235d61f5264f17
SHA1 0e013447f1f4d4d821794474c59b2bd666311133
SHA256 1afa0b0556d6f61ed92fe55fb9f871534ca5a515f6bbd49d97b9879f6e76c005
SHA512 8b361590b3d30548c4aa20d4356346207feb2c055d380946920d3e7f1578d48d238101ad30126d2c233b525cbdce556e0fbe77d92792c5249e01c50eab9f8943

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8027d4572d156bc802a76dba82a181b5
SHA1 d908a57e1fb06a4b73d40749857cec4b87e1bdcc
SHA256 0cb06947d395bd7b5cd73f0ab80fe3bc5985e20cee9defeff37435f12689eca3
SHA512 6d23480e32cce52d8061c8eb62f2a05dcb0981e2f59c4185a7caf7690b5aec6ccd614e87001d1138dee7b1e2d7dd8cd455fe483f719e1290549484b2f882ca02

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VX38S3F\reboot.min[1].css

MD5 51b8b71098eeed2c55a4534e48579a16
SHA1 2ec1922d2bfaf67bf3ffabe43a11e3bf481dc5d7
SHA256 bd78e3bcc569d029e7c709144e4038dede4d92a143e77bc46e4f15913769758b
SHA512 2597223e603e095bf405998aacd8585f85e66de8d992a9078951dd85f462217305e215b4828188bf7840368d8116ed8fb5d95f3bfab00240b4a8ddab71ac760d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VX38S3F\css[1].css

MD5 1e7cca7a1b89ea2980669f4adb65becd
SHA1 62da7767f3bb769a9b31e400df446a4698e4db63
SHA256 598ad75d6e2e244b759b3f376b510f0ba560b77cc74f48351dcf2abdb7df474f
SHA512 206b90eab94f9ce7260ec624ec9a8afd70bba96d4dc5d8a545a29cd73e55832196e509523da1123c2279eb4cb63fef429e28a3438a268dd3fabd1fd949caf1c4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\style[1].css

MD5 65760e3b3b198746b7e73e4de28efea1
SHA1 1d1a2cce09b28cffc89378b0a60cbb1aa8a08c4f
SHA256 10e40ea3a2ad69c08d13e194cf13eb4a28a093c939758a17a6a775ef603ac4fc
SHA512 fbcb91f26b7bd874d6a6a3b1d4d6f7277ded091cdae5706c285b4d5d17446a1bf58572c224af38393ce49b310a51d5c5d60711c7094e5d32abbaaf10d1107e1b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\responsive[1].css

MD5 4998fe22f90eacce5aa2ec3b3b37bd81
SHA1 f871e53836d5049ef2dafa26c3e20acab38a9155
SHA256 93fcbfca018780a8af6e48a2c4cd6f7ad314730440236c787d581e2cef1ab8f8
SHA512 822158dac2694341f6cf5c8f14f017ac877c00143194d3cd0a67ffd4d97f9bf8f2305e33b99fa12f62eee53ba18029541c0601ea5496ff50279d1200cfa03232

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VX38S3F\hd-style[1].css

MD5 2ea4a69df5283a1cfd0a1160203ebfe8
SHA1 1c454fb9cac7ac0b1f65cd5c93bc2c9a0da8479a
SHA256 908a427dd11cc624f78bf96e4f775ba708e1bb1fbaaa8566977f3ec54416126b
SHA512 197333dc17a36ff127e6e001a898583322ad7ffa76e24003378f462b041e215194a2529eedd5f93e7e35a0e21dcd88db49c5afd18a0f7cff4cb00f50700c884d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\hd-style-print[1].css

MD5 7878fda89f8e725fa06880d1890f9c00
SHA1 3f8e8aa44d26d3cff13159830cf50aa651299043
SHA256 6d17b244f2b4b8a93886dbe5cffad1cbe8fc9079495fb972a10fac1eda0a16ce
SHA512 392d457f4c54088abef2b4deeb042220ab318d00d1157fc27386a5faac821c70c78c8452c99bc75758fa36643932938274c171589307919ec01e293010ea35fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a85b760968e791691152e17d55a0dce
SHA1 1c09fbf0645c7aa6ee63428c093b0e1e61a33437
SHA256 a8e424b84da0e176efd7324a3a8d0b70d8b37c12408c896e587d3c213bac4386
SHA512 fc69556cf45ccf3212bca3db572d675eeb33c9a88cfd33c17ffd95d8375c9e6dbfddad0514918cabfeb7451c3a1c6329d5d913c660199db01d5eb1c508c6de27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aeeb4fe355c97d33c01e413c65afbd85
SHA1 14c9e7ebf68b3c5b9ed964112e0e53cc9b6ca874
SHA256 aaeed56c2e4b640e420ae36b8534c626efc3b36fbcf60ef90b95be2bbdd1a65d
SHA512 5d89ae41a984333442ee78f398e31b4f1c2a7068f030079aec3b81b7076089e4200a5481271fcba11a6ff7014a4f45ea9e5e71c6d2d230a99ac95eb269d2b1b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f207a479e07a193a33640f6bb12a5a5
SHA1 843e705a8a6fe7fca292f411817ef500f352e90b
SHA256 243b846ef6bd3fde41d33edb79fa5493b514c85f1fe717e41e2b6fb7f957bf57
SHA512 f4bc3ce05e87d7d2a56fdf2c25960e2d3afd06b285ff73052ae43cb383eab06a865c87a59286b384f42b7a678f3f999088a4000bfe65981d00771581a3a84604

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 705e78892880d0c148c3a847ef9483bd
SHA1 2e86b0201401d9cb96b7546cbc27221338790805
SHA256 7435acbe5894ae67c646d921095c5c668f1fad34c5cfba6922b6c7438925b391
SHA512 9b0068b81b1d5031ca1db6706b17a1e14ef4d344bd517b08fe9a848e2d4d7f401dacb868d2722f0e7708fb90c91aa1b216318ba41562f5ad566d7ccc5a3b1c4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee35f3d1dda28abf879921c04490747a
SHA1 94ce6bc906a4e77bc871db4667f0caef2df9bc94
SHA256 5441c5dee18879633339eee66fbb6c027fa9f3f0776db69f3ed0b99310f3a33a
SHA512 6384ec2e43def52bf74d68b33cf827988d29972afcf3c7060693d4eba929e2ae4f972e5915136e5a2a27ee7512fd3b0f2c61caf7249620f72ac7ed70ff7a2afa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd3e2ec5d28ab68084a3e248e6336fec
SHA1 87e6d9ebc777f7ece6a9ab627a13fa4cd62dc631
SHA256 420e826ea7d49722d9bb217f0d8e16d6e62c924e82f72cd95452802e17d7ee9f
SHA512 0238043750babd319815a9303e710a2d0367c890e08895eb8c63df00e039e9e1e945a03e972dc112de12607c48e6b591dbc4369a3ce3a4fd66dff79207f49dc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 194e845a28dce6cd04dc782d13c16af4
SHA1 35edf8ee755be715bfb494e15243537ee0c33f05
SHA256 77596f05a92926add039ae9cedd84200056877d1dd3581bd8d69632a1ecc94c7
SHA512 bd20c49abd456acaf71943b8cff422a18eb117211ba54eeb93c85c76440b6645000d0fd29676578f54caf313fed34a1d212fd86f1d9caf286903babf2fb74f47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5c3ac1339af306a2e17066f8cc8f268
SHA1 a2e8c0301669ad5b38949e63a45d03dc4f17aa7c
SHA256 5a3032ce77857157f569b385445c13b4ad672e97b3441bf698f524103e391f55
SHA512 3bb29f3daab7262725e5adb8b2b4ea6147aa17ee8050dc6d0bccabaccc35380c05ebd691e6caf8a4e13b5f686a051930dbe92e4b74b029989c69ae7c67dc0d3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd5b2eef40266a1d53267f5f882c688e
SHA1 c8bb8a30ce398bb85f1777949d4c1756f52e4d97
SHA256 8a3d2c138b606bb5f8445f7f06ffd7b5f3bc7d762b2b2a47fb6998dd6201efa1
SHA512 e0342ad193f3d3b45e9b0496355760d1f8c5caa62201dd78405a5d02f6584f0529df77a5c9cbecefc1b18c10bd9a33057c8b681ad189914711c1e8b8e3ff051b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21e560f5731c48e5af35a695b5a48082
SHA1 890729927c0a71edd6bcf5e4147e9d20ac197227
SHA256 6af14787d079e63bf3f3a4f8f2cc07157af454561afe624a0170b5905796f678
SHA512 892c79385b9f1d3bdf30ee14472d97ddec71d4c2a9f9f398d43e367c736e565c33ec108f6c14d2937817a35a2f1d73fc12c6f638a4f930d09138b5773f1bdfb4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\js[1].js

MD5 5f3c42af475f0e2427483a8467e2e6c3
SHA1 e37609159809a8b6e5d3360441f4a051d492a61b
SHA256 c7f6000ad6974a8810c431e1bf25719d409168ced7840a04f5c42a78c827383f
SHA512 597648fd4f9bc4721d9521e52a24c7c82456404fc81dcf78407d1f85e98bb09ac9e1d9e209436019336457650b11eefc7acd12da8e6d73b89c107b09985efb3e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\enterprise[1].js

MD5 fc9de29526a4a0dcfafe2eebd1da3dda
SHA1 1a6d3b9b8c210e89a2e9fd680e63be6ab398e002
SHA256 0703503c1ed3e09def918365c8ad1eb63372f74d8e6b3875828623c56890a3a3
SHA512 14c6a1d7026a66eb335693eb46aede1d0440f742d35cd4c217b14a123626d9c9cb446e724b2e198d6bc37bf26eb184816bf4b6b785410b4afc541d2f5cd77662

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\jquery.min[1].js

MD5 c9f5aeeca3ad37bf2aa006139b935f0a
SHA1 1055018c28ab41087ef9ccefe411606893dabea2
SHA256 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
SHA512 dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\script[1].js

MD5 defee0a43f53c0bd24b5420db2325418
SHA1 55e3fdbced6fb04f1a2a664209f6117110b206f3
SHA256 c1f8e55b298dc653477b557d4d9ef04951b3b8ba8362a836c54e2db10cda4d09
SHA512 33d1a6753a32ec06dcfc07637e9654af9321fe9fa2590efc70893eb58c8603505f2be69084fb2bcbf929218c4e7df9f7a8bc3f17a5b41ed38c4d8645296ebab5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\common[1].js

MD5 56b21f24437bfc88afae189f4c9a40ff
SHA1 a9d3acad3d4c35da454e4a654bdd38f8d2c4e9d0
SHA256 cfece1b609f896c5cd5e6dbe86be3ba30a444426a139aec7490305ebf4753ed4
SHA512 53d4718e60a47526be027c7829f9ad48f381e22765790f20db35ff646bd994f8085b12b8fbeefd5b29ecda8f71f4c6c62b64652bc9a7256e001b5e4047c21651

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VX38S3F\hd-js[1].js

MD5 6761faa022e0371e84e74a5916ebaa44
SHA1 5320c3d53d5447bad2a02c63208deca7fb94b655
SHA256 da17fb5b54c0fcd77c7358ff274823cb6a02ba0c4b6fcdf347c1ef611818bd9e
SHA512 a8cdba92942f299b648e87109d193a1f7eeb8f243eb2bbe4224423b512c400fccf930d81cd403a925fdf99220fdffcf89da69305cdc054963a64da470072d019

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\js[1].js

MD5 b4a5bcfaee87eace6ee77d2fc0e0ccde
SHA1 ca5fa128761ab9e523fb002fbe49bb90a52f371e
SHA256 022b7b6936ea678a8f9660a10d9b1d085f2cb7972ac2cccfa2e79b8bfb83645e
SHA512 c07b07d05211a4d1f4d3c29c1277f41efda2bbaef8d3b23757b4f7b13a4cd18aa9397c4f55a03fd4de45114b13de33a082687e6e5736e4e2a788948346bce037

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\analytics[1].js

MD5 575b5480531da4d14e7453e2016fe0bc
SHA1 e5c5f3134fe29e60b591c87ea85951f0aea36ee1
SHA256 de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
SHA512 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7M98ZAK6\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7M98ZAK6\www.youtube[1].xml

MD5 35137cce9a8c7fb551ddefbd39b60d8c
SHA1 dc209de61cb43bfd23f0f9e023b037b39d430537
SHA256 fea9880dae6b280c3c7c842c4e6432b2016eaa4abf530fb25ea7275d49e5e480
SHA512 9c5d64da9a5702b5fdb122c078e8141bd0cb9e59d8f76f4f3fd05170922afdcb6c45ce96430c6eee4f7237785e3cf2541e7fce2aeac09f61ba7fd7a3c5837602

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\recaptcha__en[1].js

MD5 70306d36ce9dbcbd8e5d1c9913a5210f
SHA1 04949ad636f8cd09bf91059bc4aaf1973c92a15f
SHA256 1425b3dc4e809e5488aae10e2eb2511f652c6a9c3845c98c3fe69f07fe0c9e2b
SHA512 a7f00ba83fee80e7f2006c9e1f0121e2e515f4956182924e67c95a8c5522f30735f7bf4a6f7dcf3cbd29a685e967b1c4ddfd72d7f1f4cefbe55326becdacb275

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\favicon[1].ico

MD5 0106d4fd24f36c561cf3e33bea3973e4
SHA1 84572f2157c0ac8bacc38b563069b223f93cb23c
SHA256 5a6c5f7923c7b5ba984f3c4b79b5c3005f3c2f1347a84a6a7b3c16ffbf11777d
SHA512 57b77c5d345eca415257e708a52a96e71d3ddf4a781c1f60e8ba175ea0c60b1d74749cd3fa2e33f56642ce42b7221f16491cf666dc4e795ecc6d1fbfdb54ab98

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\hqw8ypt\imagestore.dat

MD5 72fcd91be04a6313bc733bc748f861f4
SHA1 9ed7a7988cfdb6dfbbd23d953ec9fdee6c2d22fd
SHA256 52d9445889733fe0dcde83ae4c0f0e023a36416f17ef70c6696a70bb7e09a189
SHA512 08b83c50f50b4a82e06533389548640e51d424a94d378e9d55f6f0db4a172e2ad96ab8995185155a4488c288f89545013c5991208c0e110e349a9c19fc9396e6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7M98ZAK6\www.youtube[1].xml

MD5 834b1598a690377ed8cf336cdda83c20
SHA1 aa4a867d1fe9981235fd943ced93186ac4651823
SHA256 164f198433403af1c6467ed9fb0d9c46276526830ef04997d60e910cc55670fa
SHA512 27c29aba2aa5350aa5e2dc45de84fcdc5d5166bf77698d5c3b8cf96b6a87bc48f0290c6c9ac01461089105fb10961992f0e5ba770e6edf24fc1d913d598e0ac5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7M98ZAK6\www.youtube[1].xml

MD5 24f0ee57f3bdaaad7e7c833824424b3b
SHA1 fe3e5c309d44efd10978d80d0ba6f23a0a1d0adc
SHA256 f123d34fffd32644c023e32a6132373ab9471eff38477b44e16e6adfb35634e5
SHA512 38b455e149dc9d1f522b793b19b70b13f23a125fe90b419dfcda3573d36ff7b3e38e1c74e1ab631e8078e6f70a6d88fa4f729ee4034e4f9fddeb6735af2f9add

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7M98ZAK6\www.youtube[1].xml

MD5 754a94cb4be95fa0261392dabc639066
SHA1 2e1579fabe4dea38fa92a5c6a900df48a5c13331
SHA256 11dc15b8a78c9e7fa06dc8ac209ae3a766b537ba5e3ca1420c3b044be108b272
SHA512 65d13f1fe91ce9aa173d59e759ba190fe597e5a48715c15e0b1f2b90cda53cba4257415a2b2ac78be00f9b9af8f8dd121e18ba9f3de7e908f3673da86a778c6b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7M98ZAK6\www.youtube[1].xml

MD5 6ef979cedc75911eb37c59dad74456db
SHA1 b324c294efb50457e00a985bcdc1575cc39e0426
SHA256 4d1006b4eb7bbb5678e154c83e4691395b19c3fd52825e74a861dc07060adab1
SHA512 1518108fad573742e6cba066e314bf8e6bc3aa52094aed0add91fb3c5f50929f4c27c8c98d31cd7f6eb9034d6d884209e39ce2e77dbcadd97024727ff3977347

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a700e510215985d218d70a13bb0feb1d
SHA1 fb07c99dda4c23bc6d7cbd1dfe8cb85e11754a0a
SHA256 07abbd7a29a326be92051fcf8f3a190c45e76143525d29de23b6798d0df24586
SHA512 6132e5708a9dda862f3620036ea3a8be37f764b2dbc81ac273f0baaae2c27ed5e57a8599f6297010291d6a60765e1c4e5c86d4c9ed25754742b483ccf903fc72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f28c3c58f413e9500cd1e20127a3491
SHA1 ab44cad32426a8e2adc2c405ad9d2e84028c3a93
SHA256 3a39ec12b33928c1967665e5a47c204b941e8639a6ad2c9a4ead78994e454694
SHA512 de5f44a9de99c33d1dfd7e44436e2365244e28006e94f2791b253ef08e0c0d33491a28925e2681a44fa13bad713050b84e41c704e553ba2b30f39b5a636d4f13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d512a3815dddf0c5e441008c631fa95a
SHA1 68bd5ee63b6f7ecd23efd69e9e6a99c4e171dfd1
SHA256 828534a0c0c91077965f9e1af148c3c4e94903a7547d1775a3734d9b8ee8dcb9
SHA512 cb3322612bf3015e0cce016b1c35967578beecbb32f3511a1b67c598331a481e5d8f27644494f58aae211c38b019cb5293dd642cd1186f37f910dea78eda34f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 279201bcf585ab7e1adb0538e10ce8aa
SHA1 deb8ce3d4eb652e086f089bd2778bcaad9d9a2fa
SHA256 c5f48446124a2e6b0756646afc1b544b363aa77c318e4e0f925e2abe6254aee1
SHA512 c1d66277338dbcc5a28527f5eb58263fcd1a69c46d7dfbe87f940494c17bb242bc68f8cfd6a09be0702ddf7e7c7a1db74b3e888cfaac4808f693b30565beaad1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10f0581e62764e2bb2e6ded621cccdb9
SHA1 300addfb6b7b104b4add83c27b8d456cbb59bf86
SHA256 d76677826f2e82938a6007cf0e392ae65df2d78e9c94734b62223ebdb3271751
SHA512 a282c1a7ad2f421dba2049f70835a5f048f779ec348a6147a016230ea15ffe552102705e15f7ed72dec14dd92c70038dcbbda19e6e4667dfbfe3fc44b22c5968

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 effd9f5ac385fe7c728f0f4b4047e165
SHA1 bd63f594316fc590822dce46c3502f427f031f2a
SHA256 9090196526dd8863b358845f8ae4ece0e40749435983621d8be2d414b9bfcc8f
SHA512 353deb32c997424170a7c2d0fa05f68a96689d962aabf100f445cec737169b8ec108472f304d76cac64146a2089355080e3486ac7b45e6314b548155f12017b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a40dea3d5a5e0099cf6a5a967ca094b
SHA1 362276a70cef73e252511ede9b4976d8719a3601
SHA256 04985070c6b5e4dc5ca20fa82b4d1c1f2828330036c044e9ed54174f35ecbd67
SHA512 b742e3fcb819c9493e6051a3176e50b7bd093269279989d8bfc767cd4e9e9aad9058318e0edecb138b321f1fdd3970bf71c2c178f3a3384a56745738225ffe91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7af182d872b4a4cc7f8efed8dbb7f0e5
SHA1 43ef59d0741c7edd3b9650a959801390931a09ca
SHA256 ded2973ab4cc0a9ba7470f0a91b9a28d937bd2da0ee01e3b6bd0834c6d75fddd
SHA512 05d41d815e0a8adb50eaab4ec265a8026a34321eb05ff5f8df55f95e682c38ccd9229af32c88d5a935c48a06de53552c6e068334dfcf82abe703962ab1ef4092

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d317be0af2f86b184ea32701811b0c3e
SHA1 57ea0694ea06095c8dace059f030fd338d1e8835
SHA256 64b71ee7e09c050c54dc44239123fca08d8982e2beec733e36bf1034502632c1
SHA512 6877b8613b0bf9610ef06f71b4d48b457ec464aafe23603d614d8cd6f7ec6c6e8034a0c5f3aaf534ae7d942210f26d4140684d1ddb96489d2e709205ced7c663

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 144c4273a798511f1d1734956d906fd1
SHA1 074fc0c751c7808c5c3260d22ae4cce894eb0f55
SHA256 66ef870733a40de963c6cbc4ae40235b5cb8721efb85b84e4f5618d107e55e13
SHA512 2f83d29e0e76483c8a6283744125a4178d379437ce131050f0ab69f5d581610f222c3031e7c54f5524eb11152b00243df85a8239a5df044a0bc62568d6902324

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7M98ZAK6\www.youtube[1].xml

MD5 3b467ae8e449a867e631f8804894ac23
SHA1 bce9e75cf71a72d60202dc624a568a08ae88d139
SHA256 8403b10220873f5a8a710e53ed51aa5784f565ce3f97cfd8f4cf7527fe5b35f1
SHA512 4bd1572c2120bdc83bbc90edd38e7ef61c55e1cc30fa6ff691421cb738289e976863a66279a0e2bdd8a5ef053187d4331cafc8dbddcec22976c56d77e300a08e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1457528f6d4fdd4481280e2a72f5aa27
SHA1 71b1b0eb079b5cc330e1c73dca0401f1208c9625
SHA256 ec964588eb7079774e173ae6a74aed72457128a468e8c00d8c3d0e7810db27dc
SHA512 c122fcff7fe88e8208d3fc18e62d54cb2a9d91b67fd92b513f6dcca8ab0bdf783b79031f457a64bb67bdf8b4ede947b3639de41e38e25f7ed92412241a92a51e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 377c4d023a7c4653ff21928e3db12e27
SHA1 71f4b1270945704befab6d506305e1ad4ca87fff
SHA256 8a8cafd063aa6f5a70ab0a515e014513f77b7b08811ac24ecff8f78a183daf01
SHA512 a893ea1541485733ef531b577c276893060a76aa9dacc728665b049b9c75be9e11aaecaebbc8bd3742fc636e0f922665018fa2bbe7798bc084f286f789cb8e0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 8f663256a03a0426724f55d9aea8dabc
SHA1 4e9479707ee0c5e48635ed1916493edb03de081d
SHA256 543bafeb34d59577e1e4e2221bda18d549474f98016dcf548ce09b812128d29d
SHA512 f9977b60a124f95f96b718dc84497d0811408ba5d4a678d6c5c89ef64a33d065587ae7776cf79fdc071de048a6d3ecdc957d4315351aa6f36e1ca7141374633b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3c1433818447517fd75135f5bc42710
SHA1 2a85f33ef586e2536d352db3666066b66232eb9f
SHA256 88477af3e920fedbc0bccb72ece7bc1680ceb38f53659bff620325ad0f10d6ef
SHA512 f8429bff23b965240ab4b998e510aa5e60292e0ed43b297981d9c87461d60fdff2a8963ee2442a90e81537a4047c358cdb947dc1c1f71263d7c6fa93dfe42c86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 829359cba4ee7b65e04003895a7d0a47
SHA1 0515e8a8335b0edd904fb1a9b81f27e1f6a4ddea
SHA256 0e746d872bad295f441ae7b750419f0e3f5f7dbc912333bdffbb78195569e148
SHA512 42036492d0d243ec250ef759c275050160af3a0b662f6e225958dbe9f6ac7b6774379e6ed8fa204070a2eaf13b258c7c677d1eae51ba1acee4d3e77d266d3753

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 413e1fba1c4ed4a859b21caf1e271b7f
SHA1 8e68de8fd89437805539a87d65bf093c9fa95bab
SHA256 f36bc9fa55e0c5319dfcccbfd0c446558d6ba75041af70ebf06ea060bbeb78bd
SHA512 8fd1ef5c88e3640efadaf48eebd2a6a2ce8113157f06cea364a398d882b2f4f7ac20834964375e04cf87dcadc11d8566eb5274cbefd8a51ccecfc5b226572e02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 333131bf4e5c04ee96c6bfa648e4cef2
SHA1 e273435ddefe52e1ebbfcec289dc2f25a1f4afe8
SHA256 8312e46c0dbe92d1147445b4a1b5bfeea3d2f681d5c174a450dfb9fa2cfa67e7
SHA512 8156ca059e3df169edc09e5e33b3eac69fcdc6b9c2d8373bdb5b727095c00b828e2ba5ad3d6590e7d6dc13681474b333b99315655bc68ff48df5f5e3d5a965ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d4b24136e4a4bb35f9eef04f77509bb
SHA1 622d21ccfe67ab9895ee7536babafd994363f948
SHA256 67152221121d3a05366a474e1bb579f481adc7245693f9db49aa561000db2a18
SHA512 b50c30f4cb2e52e769c5cac0e01e79a17783bcc080b2a43496b1de91402b6587ccbc9917fd3b416d66a89dfdd58c9d38e5deec78542854a98e50af4492b353ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 ad50e89d7c563be4fc5e7b899d8e58e8
SHA1 dc2e9883e87014f5b89f0b106db81e7904443c79
SHA256 4495238d7424f11ac2da6d85f6544df5a5921f35de4092377f4deba9c0df6b1c
SHA512 a0d4905f6b00cf902b04f5a04164798db0251e7113c3863e94a862e884b07ac848249bbcc13904f9b2a5e77eb248ccd159e4ff960a61bddeec65a30391166753

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0e6d86d0b80bf049885b7eeb3e7833a
SHA1 0884229d038a711280c490de0c63abbda5ab243a
SHA256 ebd973040e9deb0ee54b44ddb996ae56e931d73e3e8ab9219ea34d5be38cc7a3
SHA512 c1caf8fbb387e8b29deef94f2b6052de650285fe5ab820d66cc4404edf616f97baf037ac0e00b1d23480915ede741b7a7d099c6950af3cea35ff3dc312fee606

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10a62935b48517d52ee421387e96ac6f
SHA1 d343490bf61b136a747b59ac02cc49da412648ba
SHA256 5aae9d9dcfd0e60a4cf5fcabfbb53c72e9fd8f417e505d1c81d6d16678f7eb18
SHA512 757e17bfd44aa21b588cc03ed8f67a2aaa7557f374bc7d015142c990917cbcbc7233b473bb29636e04a31babe63e26447819e787b54ce75cd365ab8e157613cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a67cde1c4fb087d537eccbeb22f4fbb
SHA1 23e71900f250beb094e84a7feafc04139fcf2b4b
SHA256 2e3d4df59dabbf7b8c3cd713baa91bc7e123ea49de0edacaef76054c3add36e5
SHA512 9905819d91e7b977314b8c75b7c52d4103e87e4e09bd7e174b623efc0610af7e755707fc2c0bb95dede0163f09d9f5cb4d868e95bfe9c319246bcd2ed0074fcc