Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    04-06-2024 01:40

General

  • Target

    934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    934e20907cb0dfc181931301ef4c56d8

  • SHA1

    67f60d87ec04aa0ce942962ce1ee68afed245c35

  • SHA256

    c4afee9a75767dc43d5054a38928d884949a7626d3c3b514090bfde20d4224e2

  • SHA512

    da72844979883088763ce2f596bf187e62456ce673a053c227127b39bea9a24abd90684b72887cc8bf0d277d97b4bbae3c7fac30331258d5adc8669a05844971

  • SSDEEP

    12288:WsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQ7D:tV4W8hqBYgnBLfVqx1Wjk2D

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchglnn.com/?uid=f64f4d04-851c-459c-9401-f795046c26a7&uc=20180504&ap=appfocus7&source=4982-bb9&i_id=news__1.30
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2640
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\934e20907cb0dfc181931301ef4c56d8_JaffaCakes118.exe" EXIT
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:760
      • C:\Windows\SysWOW64\PING.EXE
        PING 1.1.1.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:2580

Network

MITRE ATT&CK Enterprise v15


Downloads
