39b22ba6f58585f53406e970c61644f6740467680311f573801668dd067cd491

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 08:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Size

649KB
MD5

f9f1264768c9dc23bf585e67b7feb48d
SHA1

6da7a29fa4fda571da6432a03612045e729ca083
SHA256

39b22ba6f58585f53406e970c61644f6740467680311f573801668dd067cd491
SHA512

5d4d9ad0091a0137b4e20cea3dbacc68cddfaf977fe17b9cd1756ca6905c30c5996cff884e24a9be5261c72710a17793e0efcd966fda8919f6745b9193a6be52
SSDEEP

12288:waWzgMg7v3qnCiMErQohh0F4CCJ8lnyPQUix:3aHMv6CorjqnyPQF

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Cdobe Emulator\Internat Explorer\Desktop.ini	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Cdobe Emulator\Internat Explorer\Desktop.ini	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Cdobe Emulator\Internat Explorer\target.lnk	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Cdobe Emulator\Internat Explorer\target.lnk	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Cdobe Emulator\Internat Explorer	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 60 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A79CF621-FE29-11EE-9F86-7EEA931DE775} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000666d1caab9d3bdb5d935bf7c22e09bd15cb8889ee21c8e25a6dea2488a51b50c000000000e8000000002000020000000ddcb856b648055759bb536744b94c629565ffd6c1f1f29a47a25795e54662ad8200000001afc1a39b6956e0d572c654174dbd10733b34534d0e32fa97db74248f4a4ef7a40000000c4edd134c4bcfbab8743415aefdcea059019f331269c21bc5a61367489d1d6ea5767fef511bdb4d95cbbfc46c5f32f80abfcaf6311ac7833b7d2a5e366cee0e3	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\New Windows\Allow\www.soso.com	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000ad460ee32ac7b6980473086b63e9b49e36cb0c3f69500b3c16fe5f6e807136db000000000e80000000020000200000001e7efac743ec128d797334d947ada881bed524461b66ed55bd0982848124b781900000005a656ad6aeec05897997da91ca366f551e61f8103dbb9d424709458c3af8538ee4295443db7442dcafbd79a84fcfae3e9de09f0074e8578b278a7221edc3872c532f87a776a24728692fecf1a8732ea7f01f2634710a9159747b7289c87be258f4eb5455641b666f2fdff016a0245f66840a6a0c9efe5a292aa05069ea7a2cea663ae18ab6f077d59f75908921e888434000000088d4e41eb80ba1bc881220d05c674e0c37d5a9beaf34f84530da8214bb4d1d0b4fa1fc10cf2ff511fb884c6f74aa1f355d7a56f91f292e7880583ae139feffeb	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3044ef7e3692da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419678403"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A79A94C1-FE29-11EE-9F86-7EEA931DE775} = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\New Windows\Allow\www.3929.cn	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VHZN\shell\open\command	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VHZN\shell\open\command\ = "explorer \"C:\\Program Files\\Microsoft %C%9d%8o%9b%8e Emulator\\Internat Explorer\""	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ZBA\ = "VHZN"	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VHZN\DefaultIcon	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VHZN\DefaultIcon\ = "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VHZN\shell	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VHZN\shell\open	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ZBA	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VHZN	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2516	iexplore.exe
2228	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2516	iexplore.exe
2516	iexplore.exe
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2228	2156	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe	28
PID 2156 wrote to memory of 2228	2156	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe	28
PID 2156 wrote to memory of 2228	2156	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe	28
PID 2156 wrote to memory of 2228	2156	f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe	28
PID 2516 wrote to memory of 2708	2516	iexplore.exe	30
PID 2516 wrote to memory of 2708	2516	iexplore.exe	30
PID 2516 wrote to memory of 2708	2516	iexplore.exe	30
PID 2516 wrote to memory of 2708	2516	iexplore.exe	30
PID 2228 wrote to memory of 2548	2228	IEXPLORE.EXE	31
PID 2228 wrote to memory of 2548	2228	IEXPLORE.EXE	31
PID 2228 wrote to memory of 2548	2228	IEXPLORE.EXE	31
PID 2228 wrote to memory of 2548	2228	IEXPLORE.EXE	31

C:\Users\Admin\AppData\Local\Temp\f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f9f1264768c9dc23bf585e67b7feb48d_JaffaCakes118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.9688.la/tg15.html?2d
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2228
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2548

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51a61f0ad297f74efa9c6236ad322c12

SHA1
e5d8bb2abcc8c07777333886626c9ba99271f609

SHA256
913aa4201bf5ac9f5df151ac368b832ab5e6a2ec202f72ca400e5fa407bcdc81

SHA512
f343efee61107530d6e77e10569876b237d78d48c60542a6c1349cb21cb43d2f69e6ceeb7a01ae29e9073e57c856430d5a31c208a42c9a8a150a462068e872bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48e0d00b33b9d388abfde15f3e033800

SHA1
a71a6d351418becc85b2d47417a5c3a6437eb16d

SHA256
d07aeb24852d34e76ddf5c941e33ebcd685c5167c07bca7e5f508f9309c28faa

SHA512
626ad762fcef8d5b3a66b2942a7b994cd92beb84a46a20beddf361108aabe36771c278dedf01748cbbdf37be7d7d3ab8a335398f4e6d1f19eb926503bf877400

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff71a2c0821a6a67099b9a902d2d1cd3

SHA1
dee70fd1a420d56ef770e05d7e0b04ce119cced9

SHA256
14e7ab0f1404838dfb251879e2f8d2f2fae2b233364337584707692f8dbe7c30

SHA512
6dee9f8e7ae1913a90cfd725ff4d21ffe3a9f040ff6b4b3a806b43de2c899074159e25397c50011bec021429e2710f3fd60f2faa93b4d2a9c76be7938e154368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03f0d2646c2b4e63df366dd7be487675

SHA1
2d34803a294ee2d32e28dc18c29b556dfec3e129

SHA256
7e9ac7cb6a0ddca7051c528cf3d65e69fa691ab200dc5422ef8353252e8e7c9b

SHA512
1156e6a3ab1b764ec336b9f7792503768016b78ed6d9643590b849ef583bd1870155d931586e4c40d8f4caf8d4cefed5eb419b71bc3f5a426d3c7bebaa314a02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae173f63424da655910efdd90d67898b

SHA1
9feb27c883d56c89f9fdeb3dc37548889f06b9fe

SHA256
279271273c26c02a1b7ab326ff50325293c8b486379cdd4350c1d67729df210e

SHA512
2ed6f053d15b60ad464d19fbe2b173aa5172d472b8a59606f19d8d24efccf8319ed7f84b26e8d62fd37b2099746923e0d2d662228b8658e7eae049423308bb1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
515d467c0676fcdde90b0948ab6e7a29

SHA1
b2e19a99e1142c61c58611c9d31a80c13c251c45

SHA256
180809560a394fc7aee55229c1a40e92933fb4cdde0c7d078b973b6a86a837eb

SHA512
224a9dbcdaf16375a6af57eebb1fc726b14c3c81cd393d5c18e224aeeb6e01db8260ffa3259600c824ded1316ac87f682fd90398d41d421cc1b20cb7a6728e2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef2f94be8e7e23a760afd9ff8a9b9fa8

SHA1
4fd4e170b3b92eecac1a866079baf41f4d4356e1

SHA256
bea00f42ca3ec9167c20d10b16f7f91e5dc084800567dc959b0b56202eae0be0

SHA512
defad33b0aad076f70a95db6b94428c07ffc82463f4f59fd0ea40d7f703fcbe25d46093704f357ad2cc7c7e7b63426f09ffdb7b7fe1a4e7c6db4b04210035bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4f4e1cd3c8cabf736a76f520b19f768

SHA1
ad67764b7da54bc86f3e245b0f770ed00d6307df

SHA256
f379c1bac410a7821592a692cf58ee430670a914e5d2fdcf1a832bf946d531fd

SHA512
39865f438ab99a554f9ec6435505a98cb377d5d6d5da27dc63527e43f61c84e39dae6ba8e2f4958519cb77e4761c03f2c46a2190706fe843f2f6ecc0f0a9cdc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a47747b0e5f9fb1ad0193c5ccebcf18

SHA1
a7f415b60563a99c11be0009fdbf28a0dc77b539

SHA256
72c8e37e1627946766db978ae38dbe0b8093249322c6ec5ba209a3bd9dec5b91

SHA512
17ea0e5948372eed77295b931d98b5ae5c98e6f6fbef2160800cb03e9eab212db0b6828fe1de071119cf80a6ab4905c2897f5ca2bce371787962d677f174e4ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f619b77adbf2981ff10faebecf6fafb

SHA1
1df385a2bf5eed2927270b9cd2dd3cbe55310f31

SHA256
dfa5925a1b5a083ff05c8990d4a6e65258a1dda2f0d35f8e1558cdf7895c0f27

SHA512
9a683edb039d24c83cfc309cc8a932e884480a4b47f3deaa72e7890ba6075a5cc94ce1e5025820824c99bfd23a8ceedcfefd714148aa8e5a36cb7a2790d08ae7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbb0e6fcdbab79a3f6878aa8fdf5b42a

SHA1
40d711147e058d6d1d67f1ee3a944576e2038798

SHA256
31fb9f2361392db13c45e6bd06f6d802af00bc5e00d8b3a11d471823d6fc218b

SHA512
14b9e4262bad44d9d780e4f42eb772cbf682a3b9f14783395ee28fcb7482df274afa39ac0bb71b6b01725c1102988676db3f27cf21ca24dd14921668cc88707c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c2b86d3f2d2a3165ca53174b89104a8

SHA1
932af62a16739c181733707b33fc562562f4bce9

SHA256
6b0f108ea03cb050925ebba50bea3c6e13cc63465487a794cfa9e6df8e8e972f

SHA512
87e8e94b4b9aadbeae73f768c20c41b0aa0a196ded5054fae151bdaf7b069ec39e6c067813de3bb2ad953aaf092535241dfcf471cbf007a428194a19d0a5ac49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f82f2bc9013e3e49adadffe9f59f446

SHA1
38632f7cc2271854acac3adbc1876e1097d4de5f

SHA256
a6eefec648fc9bcad2232c77cd0b1cfb13f71ff5d1f97768d3d856359984dacc

SHA512
ac65002ab4933ef9c516a2570ec37009939ee42365ab470c969686d66bc9201f2aba179d9aaee1df3dd8bffc5264dead42952d474ddcf4694575e7bc9b5929b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd943a0f27bf04eba03ceb9fbe21974e

SHA1
17d14a2694b92cf70017eef530522b3e70681d7d

SHA256
220345fe118ffd0ee63bf079a9deda873a6c1291ceba0fb9ae61e4fb0330f7aa

SHA512
7e91e7eaa48b7a49b6fcbf6099a1982f7cf42643baf703039b4b14ad92b52a2c87d816b988c86b90b348a9d4607b660d002a869c5ea4ea49f70ca6f36134df62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4081a9a8e22d83d4ac9af52e95297942

SHA1
3a784d38313a30791b97e5049174b8533d61304d

SHA256
152e2c00dc26deecca0a138bbac64c359f29222944ec1f38708aaa49de75163f

SHA512
95ed8e1d9b4848b97a3756b4cf1427e704846e16cd9ef4490ebc5ca8a0371f0254dbc0f7e70beb3aec6f7bf75337bb7cc5bfc649a6499094872e35fa3301932a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31d3d4230f3f72c5712f25978dc05407

SHA1
5b2eb479e79f6be1c96acfc2e2780a17379b7846

SHA256
094ae1b21d2b1e376864b7dda654e28b316c40b6966b6324ee8f0515132b47ba

SHA512
162d2559b647a2064b1c8b3ad175c2415e92d6abbb2c4468a2914558d92bbace950a9cf2043c7871baa77965ce2ecd3ecdcf3e9033ebe0d22f2b2215c164c1f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5383f72fbc736295f831e56c502b64be

SHA1
ce8940acc5bb4f3d9473a04ae451c965e43dff47

SHA256
3f604f289bfbfc2c51adcbb6b0206f5edf25069a7a35e9abb7db92b2dcc39f1a

SHA512
e398f5d71d930de3a9d2e6164df03ee76c13a2185ceff36bac9351220f8326589382611020d26ad56f930bd49a6b586bc5a19dd045020ecca6c3a12e9628775d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82d5b2c7982cc7f03fdc9fe90b4059d5

SHA1
7b96e8aa235240d4572fd8aaf33963f0faefc57a

SHA256
fd22172dba1925ae447efac9e1b77c0bb9e1509df6fc017f05fdab26016cdf87

SHA512
5829921774ff67b0574ba070d6d44c797bf7ddd01ef50698ffb24f1543bdc63824bd52c5b1401a464edaa46b63f98033d492033d36306d4d9b0f37e241bd42bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
315417f8091da97118dbb8b6f806db23

SHA1
73d2adcfe0c9a161e218aa138eef7a6326f239bb

SHA256
932f99d1c2dac5abbe6d2aada81634d02c874ad163b2cd751acc82d40063c4f4

SHA512
3927d5f81cad4b6fe885deb8859a7adc7d670448fdd27809a72b15f96a0ee62f68e3883275282c6e1b90abfe6a0df13138874f96b5caa1737245825ea47fb746

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bc598f3763fbb8c04f05ee32ec51b6b

SHA1
396477cdc893a2a328ecffaa0c2ad66b517d28d2

SHA256
0d6552f3e66e6ac28087ec140276d56601d0e4bf42964067102499b883852a87

SHA512
d8560f3c77a70f08c915ff65a51afaf63ee47b08c48d8b60b76462f62b4083f0589bc57ddb694384dcc5faba21edfc768d4ae4bd994d79ddcd248e84ef954cfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
655dd046b6e0f910dbba993a889bba8b

SHA1
bb5911829bbecc4f136705853886d751009d817b

SHA256
35e7eabf45ac33d84774083f9ace51cc3cde0f058ddb7d9c3d6da66213b7586a

SHA512
38a67e2e97ebe078f67672da1ba9ce65e964b967f82abf39a1da6daea2ca2d5a8eee730c0532799639e101ee246583e8b1186c87a372e6c4e9f7ffb375894a23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80c9cc89b8ee07eeb037eef694cbed8f

SHA1
2b2574fadc41cf52244d8417f9dabe28ba8dac80

SHA256
74fabbc52f30db0a4f423537f1527122fd61615bfa4e3fc5c664d95f84046dca

SHA512
96b825a925f832aa4785f273feff57c0ea60e6ab175a9802ab3e2b429aec01c20c7f1ae269f2635301aedda0f2b24b9b436c16abd2074f670e2c93c83ae207fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A79A94C1-FE29-11EE-9F86-7EEA931DE775}.dat

Filesize
4KB

MD5
7be182f6c96c3d0c0d2ca787dfcb77de

SHA1
ce188f4f5b1e7c9ad936d21b748ca963c94efbec

SHA256
1e4780e560be7c59d48bee32358389fd99720b3b703e240b8d6f0e59e91c3cb3

SHA512
33e86ecf358d4337ebcb28eeef2f02e33cf723d3bae72030acb894fb5039da2c76b4e5c37dc6acb803100ac7fe4993d5395128a1a207d84a320abcc50fff6658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A79CF621-FE29-11EE-9F86-7EEA931DE775}.dat

Filesize
5KB

MD5
e798a116d8c06834d2ece29a678708f4

SHA1
32e6f93b5e90b8239f818af7f24733307032e40d

SHA256
607f1ea9e5d7241f9e670d871393a80457d5b4eede94281420d9580420a685f7

SHA512
889fa297ed8a165f2e2c6f6abf19c1b84a0d79740595cf57e87a4ce68d1c01c3ed2ecc015a5c868585b6c2c98d95333854caba1fa42ce2b39c3c9a997ee0b834

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab53AF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5490.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit