Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
04-06-2024 01:40
Static task
static1
Behavioral task
behavioral1
Sample
934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe
-
Size
1.1MB
-
MD5
934e20907cb0dfc181931301ef4c56d8
-
SHA1
67f60d87ec04aa0ce942962ce1ee68afed245c35
-
SHA256
c4afee9a75767dc43d5054a38928d884949a7626d3c3b514090bfde20d4224e2
-
SHA512
da72844979883088763ce2f596bf187e62456ce673a053c227127b39bea9a24abd90684b72887cc8bf0d277d97b4bbae3c7fac30331258d5adc8669a05844971
-
SSDEEP
12288:WsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQ7D:tV4W8hqBYgnBLfVqx1Wjk2D
Malware Config
Signatures
-
Deletes itself 1 IoCs
Processes:
cmd.exepid process 760 cmd.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Processes:
IEXPLORE.EXE934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exeIEXPLORE.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7d20805bef455499e826b657be168ee0000000002000000000010660000000100002000000030765608350da7f8179497c6a103c70978a18bba2eb5ab63bf25b4e783445d8a000000000e800000000200002000000070b1839b7cf081d56108e22d6c08c26ddf8868d56e0ffa1760810e28a3cf454f90000000a7a1bd3529789f49cf7499709f91755ef39d8699147ec67185dc4570c29819e59872f6efbe28b6a3ff6964ee76882cc5045f14a484b1d9cebf64adab969903973ffd9113f0b7dd92c5ee06fa367f253b5e8edcdb23db99ccd002fbf665c4ed66321faedb57ee16b3918e2c13e5a35e2480604baf6a44c6f84868f621f3c2e0b2e7d37484a010f560fdbe954ff366e66340000000b2d2f0fc80b7e2720ce6f317c29c03f91033c90a48daf41fda698b8e2ad3026a5338a4af97ee0a7b5de3923b0aafc5c682993c6c6a80393507ac46e143343f66 IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{13EF9962-56FD-4543-B76D-020AA80FD92C}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchglnn.com IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchglnn.com\NumberOfSubdomains = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{13EF9962-56FD-4543-B76D-020AA80FD92C}\DisplayName = "Search" 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7071354520b6da01 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6DD2A0D1-2213-11EF-9F01-52C7B7C5B073} = "0" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423627103" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{13EF9962-56FD-4543-B76D-020AA80FD92C} 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{13EF9962-56FD-4543-B76D-020AA80FD92C}\URL = "http://search.searchglnn.com/s?uid=f64f4d04-851c-459c-9401-f795046c26a7&uc=20180504&ap=appfocus7&source=4982-bb9&i_id=news__1.30&query={searchTerms}" 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7d20805bef455499e826b657be168ee00000000020000000000106600000001000020000000dbe53958c3204690e95d438f387242d186cfe727ed9a901d3b32e61b83bf15b7000000000e8000000002000020000000e5fa0a02cc0098bc534e49a491f51829236c21f2ea23d57428573e306fccc39520000000d1854ffab60867b733fed2aba836332241c58e3b5c6e29f9754deb371794d98a40000000d582e4d1cc9777104f72b90148159b6fb7812225eede92dc93da82dc601751959141ac1dc17e3d7f5a17849129890a97142edcb69404f55670f84b0a33c86b54 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE -
Modifies Internet Explorer start page 1 TTPs 1 IoCs
Processes:
934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchglnn.com/?uid=f64f4d04-851c-459c-9401-f795046c26a7&uc=20180504&ap=appfocus7&source=4982-bb9&i_id=news__1.30" 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe -
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
IEXPLORE.EXEpid process 2584 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
IEXPLORE.EXEIEXPLORE.EXEpid process 2584 IEXPLORE.EXE 2584 IEXPLORE.EXE 2640 IEXPLORE.EXE 2640 IEXPLORE.EXE 2640 IEXPLORE.EXE 2640 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 16 IoCs
Processes:
934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exeIEXPLORE.EXEcmd.exedescription pid process target process PID 2756 wrote to memory of 2584 2756 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe IEXPLORE.EXE PID 2756 wrote to memory of 2584 2756 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe IEXPLORE.EXE PID 2756 wrote to memory of 2584 2756 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe IEXPLORE.EXE PID 2756 wrote to memory of 2584 2756 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe IEXPLORE.EXE PID 2584 wrote to memory of 2640 2584 IEXPLORE.EXE IEXPLORE.EXE PID 2584 wrote to memory of 2640 2584 IEXPLORE.EXE IEXPLORE.EXE PID 2584 wrote to memory of 2640 2584 IEXPLORE.EXE IEXPLORE.EXE PID 2584 wrote to memory of 2640 2584 IEXPLORE.EXE IEXPLORE.EXE PID 2756 wrote to memory of 760 2756 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe cmd.exe PID 2756 wrote to memory of 760 2756 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe cmd.exe PID 2756 wrote to memory of 760 2756 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe cmd.exe PID 2756 wrote to memory of 760 2756 934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe cmd.exe PID 760 wrote to memory of 2580 760 cmd.exe PING.EXE PID 760 wrote to memory of 2580 760 cmd.exe PING.EXE PID 760 wrote to memory of 2580 760 cmd.exe PING.EXE PID 760 wrote to memory of 2580 760 cmd.exe PING.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe"1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2756 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchglnn.com/?uid=f64f4d04-851c-459c-9401-f795046c26a7&uc=20180504&ap=appfocus7&source=4982-bb9&i_id=news__1.302⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2640
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe" EXIT2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
PID:760 -
C:\Windows\SysWOW64\PING.EXEPING 1.1.1.1 -n 1 -w 10003⤵
- Runs ping.exe
PID:2580
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD555540a230bdab55187a841cfe1aa1545
SHA1363e4734f757bdeb89868efe94907774a327695e
SHA256d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
Filesize1KB
MD5b6dc5a28e5e5ce165b643dfa2c13468e
SHA1929e9dd76dd21e0c7153dc5a25c886d41cd0ead4
SHA256f876e2578167c45b05ed28f03bd4cbd69003b467cc94f131f91f733a18911a24
SHA51201e2f3534d0452f07e09b545c35bd7263e48922fe978772e4aebf2cce5c994cfad89a1d19a4953ad90077e14f85f65bde7ad1e88cf87646288cb3decf3ae570b
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
Filesize471B
MD58ee52c7048448d8a2ac2c9db223b3c71
SHA113dd8f8c3ebc842b5e697d85967f1e98c45a59d2
SHA2567f098951aed2fd21ffa932e59f34c120652712e936f41eafb84bff56c6818727
SHA5129a96988e4ed05e884c66933058e4780fee097950853c00a1c91e891e44baed353257478fe36b552c5639b17480d4af031ac28bbf5d0da895f82a6ec169a18fb5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize2KB
MD5268a36064c6995e9bcd9056880f6efc5
SHA18f5f3df1fb75c57aada7a6abed09b4317aebf1a1
SHA2560c8506413fcfc7f2f2571a8482c6e9a7f66a28ffd24174cf2d9ebf934d522363
SHA5129d5b1458e59abe79ac6196f40b53f99574f08aa7da6784152175cf7b674648b994b0f0f3bd14a80e6063078bcf9f4d1b22f1facbc06d10b8f0383c0c38d848b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Filesize1KB
MD5128a5a5241e3fb181b3fc3957abd2500
SHA142488f4458d6aa8f13474fb0146febc9309fb8b6
SHA256f233e235db5454c7ead0fa5e6af32f9600ecd7a3bed95a2556c947c9246962bc
SHA51274355c8c1e1426b7bd104d8c24fab427ce633dc583c75391ca011c7a2a31e747c983e0f300bb96cefcd592b5eea576bf20ea62d0d7203e8130057eca83affcab
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize230B
MD5c56815a9e144dc1e82df5cb0eaf0dbcf
SHA19cfc430be084ee5dd0f5e81eee22b2b793651f87
SHA2568f1741205cd123a2121a71bd231c4fe6382ebd6a579c020839b30e2a83bcf281
SHA512f88b3156fe35f991c38a7b511cfb87da50a435de7145fcace751e344fd94e22970b1b7160ae3332014613d212ef221fb7b31774cffeff6dd814e4c9a0232a484
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize252B
MD5516a200582077c70d5ae927ee599304b
SHA1a375f4d5195310ff75c93954487feb14f952bc12
SHA256e17ec9a3bbe7718e2cd4f274c61e511407e8048b671774dcd983f949634c23ee
SHA5120a00a00ca0d24392c164ac46115f2880a6e2d59cefa5a4ddbf06ff87f3da4395d215df3ba00aba5a43f0c78962c4b50e9f70a124e77061971e7390da9bfad404
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a5c7c7b6531f6c200dc0c43f95ec6937
SHA176be850ff48af9b4f6fb2974dc6aa7e1eb8c4f68
SHA2566a154082b0215549ea027c72b6974f44ea5e1bcae94ed2e463ea487e688f09ed
SHA5124398a71fd1a38a0d7fec1e80a2ef938dd78cc6fb86238c0288ee37dec7ec2377ceea0730ade4513ac4e5ca3f7354e42029e473075bb0bcb4083ae928ac7a7065
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD557ed36cb09e4abd66856e85dfb0c35ef
SHA19511df46b92909993835282c8f4005ba9f2c6b8d
SHA2567d508f9f875eb955a24bd92b8ccb6da446736bc5ea6d800022157656280ffdd9
SHA5126ff57fa9eef1b1386b5f14e90941e37bd281a23050ef31d6b1a85fb1ec31cc971f51ef958be6ca331858adb22ebbee92a2591d30b57d6e4f462c035878f42f7b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5282996b40be12c541e9f0a5fe9937ede
SHA1fb89847cf48275ac3f72cabef0c86cd4821bada5
SHA256be4b0f90bc7abc051a378477173b75aaa0baccd3ce89d7f88736f191d4da858f
SHA512581767b0957b4dd5bfa46dd28f682099219e056193b3a86f81b13bb6ba3a073bc4d66a2d560f4cd7b30d990668344575db4ead23c8b423ce2a00d91e64f1e1af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD574ac7d90b1b18e2c6226471263aa4d38
SHA1672f1a93274d61d7d08cbf666a41354a58434b85
SHA256eb12bce0159782503565fde173d49fa5996d8afec6153804a4907b154e4609fb
SHA512763bcb1a4473c93359a671b0073f1459a655da377a656f81ef0bc2f551878d8dc3c0e54d2476385716eb7b47293f16b8c7a555de49da18b6c07c850720cb6d4e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD566cfd202d18c9d447e2fabc691b562db
SHA131c3e7c26bd0556bbef2774a29457c03a8ee9181
SHA25666d33cd80fae76f6a4527b35b256d04336990646bef7050b993ac4fd39a39910
SHA5127e6432526b1ec5fe4692ef4a7bbf040b60a2b8de5095cb586b363d3374ea7e6673f194bf9397437fce3e0efa4d0c27debf977a975480328204c27b32c5908966
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f5d50a13795eccb4bbd66d872de29109
SHA14ae7c79434043f860e2dd05a4f362d8055b2c6f6
SHA2561db20a60c9bf3a4ddb6a098eb77742834e1af5b28cc56befd01054fc10fdd2a8
SHA512b67d7218fbccf8d29965fb5640ef92b0d05367f5dc8f6677acb679af7c23d5b520f164047ec2962a8cd0342d692ff881125bcd0c4afc77670478c30d3d9e29a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD546b49f556e0d6809706478071a0c00ce
SHA1de0fbea6cebe54b8ba5e99535c0c888f6cc65e6c
SHA256f8cc3e0d4ae59af0fdae15a4c0b6ebee50d3f9ea93c800ebb5065901d29976e2
SHA512025b6ea63d75d664430a535736a36b0ddb286a8e766d518c850fd80bc6edfbe68a6493fae91126b1b5249e90d9578ad4fa3a10ba98d26209e05db9e3cbaba233
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52b502a12f4a2fb31f19a28411fc84683
SHA19167964938c826ba7321831729d5ad8d12f7ad56
SHA256902334c573d905655fc789e5f9484696306e8ac9f3c9796d700b9e9c92e57a1b
SHA512686384f549a756be1c815ee5ec6475fca325d17810fd4934735db57c6832e425dfede7b70f599efb343a0141be77eff303059d75fb663880ac6d06776fe18bfb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD581ab57fc053f9bbb30f91583c75217a1
SHA1409a11f28974bac3e4a2910bff862e42aae5367b
SHA256da0c945160510044484ffeba83e1ff6bdeb36da0c10eda6aeb426c2874ad878d
SHA512facc04b6fc46471bfaee1a123da261c84e3d7c5cf90ca66af1ca88b3b00ca247500ecbfcdf1ef95bd3dea64cc55575ccba4a3320daf57ab39b365f838b609b1c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5400292ffe1f6eb24f1bdbe55fbd560bd
SHA1583a4e62d4cd6e9295758c11153567ae84faec46
SHA2560764ae0be66fb7a3fce55806d3ca396223b1792b3552d29788a59fd912c18be1
SHA51260d57036e109706a61fc9a7b940a853b722f90c1f9c1ef616ac46c25fcd25fd4313456990057cdb5b7e320c851cb1962ce40a614dee2a3b04c93be6c0d4c5efb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5955c908ef1f56631b3203f0c68916028
SHA1dd9e141ad8b54bfc0c6752c1345fd9a0e9e6d3fb
SHA256dcd43b4b96b11804bab52e4270d7b91a5e7f1f500c11ea8cb8afb818527ce3bc
SHA512d46e34eac567b4f637af7f072938a20e5882cdcdaa6b11298da311cd0bb3b6e54cf5e43743fb15e27d6265494c91f5defdfadb7b0597013883db724040668e98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a8a5622fae66f2bcf1e92fc1b61a3c42
SHA10146022d7681890812ea52071469424e132c083b
SHA2569b8da5898fbcd2a5242de64aee9a0ab35638d969f6f70216d2173266fc0528e3
SHA512e8947974d03535065adf2e22dd54d8b9772a8ec7a732df4d5d50fa29b7c8b5f8969b9799b3466306e5de2f1f7264097c9fca80f64c819abd1064d644e4cd1cfb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56f6d4f156415679d65a2be44b03d3f81
SHA19a03d58b0b22a4bf1528b70e7944fa243e8d0aec
SHA256d78e6bdda90098f7d48d1ed0ea213efcdd2c6554d334b880f6901acf952c32e9
SHA512991b6748243ab0e346fd2f5aab0e81496a099d6eeff5cbf4ddc4dfc3387ffe61c638f9ed09bff33e78b031082e4767cb7c146a8af73580b322089ad5f2fb3800
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c26306b35d6695e008b1191d4d86610c
SHA1e3c4fb1365d593c37ced7beb3e7bf41df0dbd1cd
SHA25686bec57cfcff74f4cd95a0c7ad48b11909839fb7d989ed5f0a6509c992057b17
SHA512e420d8525a9a1946a55c81a13f7d180a4f9508a0689967dbd9434b4f97f3b9fb002eb6a1471e6286752a3a9e1c69ea86fe21c8b86afb0c41dee1d69c3b6ba21d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58092d9219745fec341f7d95a415eb01b
SHA17d196036726300ec29e265947dbf279f4a15bf4c
SHA256be0d4f54d931a56d8f8d1cbed9aa94ef61b27c3b620626610d87b6ce19283440
SHA512f07a78c2211949603719b4d3e2b22e624d4c7e763951c5c17f6980c53d85e2acfee96d205bdf91ac7fc14f0c5b22da23fdd50af2070b95fba6c477da03657c79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c1e6a865074d0349549b1258c6b373e0
SHA100e40ffd711d2d80b1ae40e8ccaf073d3ef8bfae
SHA256366adb35abe0048cfbef12b0533cdc6bbfab75977468d20df5de13e694a2b924
SHA512489998cce1ce416974ffa742839e8e8040ee0a14ea79967a951d8962ae1f582024ecd2a3bae99f4244d2e0743a3c4f7eebabb38f808484f1a2e3fdd4eca5a7d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD555f5bd5c90e2785cc87e2c862efd5383
SHA169618c4d85567231ca5a9b387371680a39b4426a
SHA2564f4bc7e8861aece00e9f38bc78718d419e9b27f57ff1aac7c9a3de465088ed01
SHA512120784cf614959dd538964d4515f2180c30928b3fb84222da5ec299941061136842cf6ef1e20eb2f0f73009ab661ae52b199e68b7324b51f4deca7a42bc9625e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5244068e4be550f9e409ebc9e02bcc9e5
SHA1b975eb7959e7356d940122edb5c817bfd146e401
SHA2568a22f982b8a3a6149902e7356116c7c807bdd9441231dda1712dcc9c5c3cb401
SHA5125ce3c4bf530f3efcf769c9a74e0d8ccaab22e76a597834bb83a6d8cd9e03c97c6df8a50f93822f89cdc63059b9d91ff83cb41b78e5272cc19a432c5186faebb1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5307bdbffccf1532e98d0d5121ef4de05
SHA19424bb8e16eff727a64d331c5a0257b7f628e4fb
SHA2566d9d2bc084bf01daee1f56c3c9d81f56e43be404e1bb09250d071af232dffd39
SHA5122715596ef3cde921474dddcbc2851ff56addf12e0fffcd0bbd714c302fb07939a874d6ae695600c32686405e7c575ce9baf150d133c312e91ece13c58c927a12
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52243f040791791c324dc4b186e9606f2
SHA1beb85f0e453f1b1d45b5be8bf5361b0ff8b738ae
SHA256a4a3ec3ed16bf0697163cbbad01a7845073b7228ec6c41561a371e8599ced399
SHA512fa42b3d04edfc463857b1eeb114c328f796f55454983b8d0ef09b5fedd9509bc066658ce10ed2e20f1659f31b564b5b1abb48ac9a63975ce06a5492eedc343af
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a232e0c7beb99b7b4a0468c0fc81a2ca
SHA11ba3e71ebac60cdfc39132f6471516648d59b84a
SHA2568c77cf61252d0016068fdd01b95b1307132644e2d003454bf8ca2fcee59af009
SHA5122a64d91fa4397b1f70a5f0291932e71de19d3070e934adc45cdeea44fb8c921bf57e1ccf1dd3f3ac3b078a19636997462ee645aae86b433438e0d5c18e5ffb76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD500d020442e11452347002c19f8d673f6
SHA16f250dbe280ac70ad98e34b66f9c2a3b0ffe24b1
SHA256236ea9042ab89533dc2c04fffd1c138b44a08c11d69324da161a9c9eebd75956
SHA5126fa412ed455764eaeb3514816a568cc913ba2c19dd5dfea6b9da653636fbe5b9345ffab3c8a6e2191671b4e6518d1dd884f12e8785f01a60bd938ac0fdf752b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD505ba098c51b4af09e01f6e0c0791c9a0
SHA16bbd686b79f8c9429ac97e604fe6027e3dd5751e
SHA25613d3eea32732f2fff795fe4eb41c1fb02f8a809bad678d9326d5eee7ec179785
SHA512813bd425601c8377a1a77a6fef240a3bbf94f7d5f2e23d2211d37302359a3a971b06cd277e539eee4b4b7ac08650f435c362adf4f821578a4f1fe084788f0cbd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD562645ce23bd2e56d9fab35e8f93e4e39
SHA191d20d4da03a4cacd77c2836896226b586f6f73c
SHA2561737f231f113a23a7d1db3efe0facc1af28e60f5f4d84dfec44817fc7d0825fa
SHA5123d00fbd35a224ff1f514e0b111c97149b4cc2ff1d052cad8adbff98b8edc2a6319002482b213b085f92adc2a547717d6bc581fbe9202c2d9bfd72f813d224c23
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5eaf8075175d260886a8735c7fd52db5b
SHA1c9b395eb0ab4b8ac8e6ce2f302aef178d5fcad67
SHA2569324e6348394d6fa79f1a326bee085a37e2c10f3717e17ef18e1e84a5052f3fa
SHA512caa63e182b1d3f00c6cf667df59aacabb837173ba6afeed8dfe4a85ad1c68e0b7cd6966649ce4c29fef983ad5cd249f1b3c32cfa91309cd247448d4be97c05b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d3c3a7796cde9d72231445785ebc2f8c
SHA1f47f5d353aba425f3d7d978f2fa5f0a632378bfc
SHA256ac2b750e2a8dfb7eb602adcecf0f66c3db6e8d551a6c40b9755eb3a5442fc957
SHA51215dde19f491cd8bd15e8025ffa15a4e95891f0cf14c8be89fd656bfab009fd24f1ac93bdfb987d1de5092967bd453e6194a28b382188a62cd24d2cb1b130f80a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c5e0d0650b2685c1cffe545efff7f84a
SHA1053151d8a6608d44949378dded06b8de4fde09d9
SHA2560c5c820c9996e3a000f3476601a1c281df4889af867989f3fa8282dac85c4f81
SHA512e2429b415f97fe9e0ca83ef029666d196e57c553660334d346346e679b8ad274013ded6cb6342ce7ee42ac7178162a08c28cba1daadb4c3bcdfef531be874643
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
Filesize408B
MD578b38423204f45960ebbf6c990a1e13f
SHA157f8aebe5c9cc7a5d9d8512fa564eafc21288ece
SHA2566b77030b77ea16672ea811be322b2a7baff95f67269bd3b424497de78863a149
SHA512a187c18858f7ea5b0f57b50d94c605efd98d8f6ab3cc2d704e89e990d2c171bb9aaf1c9ae07abbd0181eca8d1b8f682da65a60ecf737edbaa9e47692afaa0d34
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize458B
MD5e40095102d023745a7aae2a1bfe3f13e
SHA156fe6592183f89596ea53765cba7be97d193e4d3
SHA2562f88cdaa4609884de6167186023c8a22322dad2225f21e435bbcdf9bc983fc0c
SHA5128975f676f43c3f830b45cf92c82cf38c837ad1fc334bac574b4df67ec1610b5685251e7a2e86085422409cff49505168b0150a829a93094453ebb4daf3b532ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize242B
MD5bacae65a9c128bf0a55a545825d78dd0
SHA19c9096ead8e11f1290f03b49f0d8fff8999e35d8
SHA25668f40d5a65da261ed6fc0cfb65f39a617eaf0a8a7927257afdb3fc12b1df249f
SHA5129a680ca58c9d447613eb107d07063476012d2841c1b584fac39799a130e5255133f7ee2543164e6bff7b518760a45cbefcc8cf5be641fb5ad1777e5985388051
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize242B
MD50ec88bec1ea867c86d60027dd31a23d5
SHA13ebfb16afdd1bb233366aed018757805ed2e6ac5
SHA256a7eb7173812e074b5756c86cc10c9b3eb0c0039613b7c3c00f61c0f41db0a9ba
SHA512cca59ad3a3a55c660a9c3682cb3bc1772095d304f10b7eb6cb94466cfe7fe1adb934cbc2551dabdce338aea801387ce3d83d9415bbc07d36c437ba0d5d14facf
-
Filesize
110KB
MD57e9a777b7d49793f0dc5ef33c15a758b
SHA1add322ef90ba7ca522156cc77023e13d21b13bc7
SHA256b7e90d104bed853aa1f10f4b3e919ade8c93c4c30a0c03f2184cd8f17b8a5f31
SHA5126408a2b1cb34f2716a845726691844e3f040c2ccf4aaa75e83f52506793541e39084e2a36769e06345227ea3dbd1d077d3d657436e1d7aa119021b5463967e1e
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\favicon[1].ico
Filesize109KB
MD5504432c83a7a355782213f5aa620b13f
SHA1faba34469d9f116310c066caf098ecf9441147f1
SHA256df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
SHA512314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\js[3].js
Filesize193KB
MD5641764f15e6f5ebc9a124bc40e356c7b
SHA1ad589061d0f5a4cb92cceacf5b143b0686e20d3f
SHA256e57c24501a059b8480abfbcdb806c6fe28088e9bc8c3122b2acffd1ba35dc2a9
SHA5124d1d3da9331b4ef510d7dc4c9e57611a7824544f5401b5b07287bd242addad88dc656d49eb71a8148ea9b17feef5551411f7fc13ebafac0048a271734f3f549d
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
681B
MD52eae30d39581ec26361123079f33b413
SHA1224c6de7a18f14cb53fd3336f8f1399e690040dc
SHA256ad1c8c5568543538251cca454c643b5b5fcaa637cbd79b88105a4e740a44dc2f
SHA512d4c22a631b079efe7a5919b4eb678a31d200360b3c9144590067aa61d98754deafe1ffeb4555271b2f075efe169b30f733b1a13844d907c5ed6d27f3fac46427