a34faf6b4160cd925cf5fd27a96716fc0d0cac742d99e984fae2b9257c7a2eb6

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 12:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

982456b82f9e06a669dc440d7cb2e33f_JaffaCakes118.html
Size

167KB
MD5

982456b82f9e06a669dc440d7cb2e33f
SHA1

3ab3bb3bd060ef9d4b20f524d4df880c857b16cd
SHA256

a34faf6b4160cd925cf5fd27a96716fc0d0cac742d99e984fae2b9257c7a2eb6
SHA512

1051eb2f894f7fffd7c6a0dabb5bdcddd86133c755fb6c54e76a28b5c4bc703fb6d8d1efba7abd18edc2c899ccb2d0382a4fd14ba00fe04a89ac3e6f5cd6c9ac
SSDEEP

3072:Eg4EijZeqLVEijZeqLZV3ZErjZrks5yxQS7eMXvwUg9iiCJ9NV60fz9Tc2eL5At2:Z4EijZeqLVEijZeqLS2spWM+j1I

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "233"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "11257"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000001ce37573e27795d7dc98346f92472f6893c51b2a382736f7de4bab0781550de3000000000e8000000002000020000000c0387e18b2cba1245301a97a5123622e5108cfbff325e7d4962c946c146f860f20000000177c9c61bdb3e293205f697a6b7d943ed1d7d13ba9fe966f7000cda4ee263883400000000fcf4420f148763b57307723511c0ea9f185492a0e8738f549e26bda690100e59de0740370cf1801b6ee216c8a47067a2f1360b7fd55974bdecb1a823c8bdd46	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000d5fa691d10e98badf570b74ad3c904667a739f91bf594a6d74685b726202ecd8000000000e8000000002000020000000f9a9b61f5e350b76f38dc094237d0fb1867a3fdb17697c9d1a051618a8ef1893900000008b40f649fe8baa76d884be7d95a9dcd1443fd7374edf73ac67ef41168c6fb23f02f3f16b8b86319a20a1d822be80ed66999682b367ca937157a9957b52393b3f9411d56d05804d017b52d2d842ee4169ed5a690bd7465db49122b02c192447eb5115f670752b8d2d232cd609fc6f4a1e9181dd1d338055d4ce474e50a35f2efbf0f0da30dd7a95fa58152a4d3dfe3fb640000000e6a9fe888d9454660189d2b6e0dcf8e13004e0560b11cd5a1946248244aa5a0797587db92cb93391c0aa554a910c32f5ec757fbc1c8631d71648558d3db56f7d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5D85821-2335-11EF-9449-6200E4292AD7} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "11257"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "11257"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1736	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1736	iexplore.exe
1736	iexplore.exe
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1744	1736	iexplore.exe	28
PID 1736 wrote to memory of 1744	1736	iexplore.exe	28
PID 1736 wrote to memory of 1744	1736	iexplore.exe	28
PID 1736 wrote to memory of 1744	1736	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\982456b82f9e06a669dc440d7cb2e33f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
7357fa5c905c3d2772e5e992523203bb

SHA1
7fe955c95b9a93bbabb4aae0c81ad201b3e09130

SHA256
53c909e9d2a2cd0414ab8d6552c28fb6a2e1e425f38dbd11307aff4c8ed1c04e

SHA512
c7303f7be59538b6f26143da757d50f35c5ab973f401fec8ac4d1a9d9e3d30116c0b155674c9e84b41fb14e7adea88a52c8675c9c79e9e840828a35320143760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42

Filesize
472B

MD5
04113bc78f4cffeaa3d092f1854cc4c6

SHA1
e67043b8f9def98b7fd869035759a4b7628684ad

SHA256
023675e9033c5f7f53fed57a5bbf654bbb8bd8e1227c4f95efa9fc3bddfe09b9

SHA512
54f25385554ed0679d9a011d8e068d23773d9e6e79cc84aa2ab6f4285e665563e0dabe1e2fde54e289e7fd8b7d7a73d01f8b3baa5a458c917d2ca8589f7fdc04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

Filesize
472B

MD5
d3042a35046bb4d63a48bf05f5b2fc06

SHA1
f42bf93ec69e6c2aeddb14c6dc1b763f5856f5e6

SHA256
4decccc6335581b2e49eadba96af85bc37e3e1a71f39108bc2d5aadf5812c3cf

SHA512
8c05f88aba6f5c141da88b47fcc1aeb90582d92f63d2c1a9582710dd967684518c3303386ed31978686db416691384b736081fdc482a530c2204f08795f54d0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
cab38091cc5241bc8334ed2c4bd16f99

SHA1
6bf6fb6712c7a9742fea3c441382dc06d1f8b47c

SHA256
12b1f81499e22e83ed2d754f16f4f747c5a6c2425a7264db7f573faa8b5c8a1e

SHA512
b678e827abd2bef0a302f6f448e17a68a290208051c71f655b474e762dbae22afce4798fcf42a470ce06cc7e9a07a6f87dd1cc01f03f37bbe38d3f652fbbfef3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
0c60a43da47ec54225fc3c85d976bb98

SHA1
b8f9f94f22a982f5346f8d7069f69d3f2c4ac0d6

SHA256
bfe43074c65cfbfea6fa9d0a23a37b20195295f074383408f0ef507813060c45

SHA512
2f31148b8cf1d741da7de81586fb6969bd492084e2c61caaf7e9360b71849529ac8363b8d7d0ef9a33da38bf413b83ff158f2ffacbbc84fde616c0a875215c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
4d75ec68386525c4ddd9fb28ed4c3f2e

SHA1
1c47f292d184183e2a614dd52f299adbef811582

SHA256
5c49f28f99d3d6b2f71cf65e1d915aba83fb0d620dd47deeb0388f4e91623328

SHA512
16b1b073f10b03f7217eb570eb7dac2d850abab3721016a8e3d24ce220ce356cb744434294e0625918978253615a229b43737711dcd904c5c71dc8b6601bf6bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
656a7ae745bc988dc0f498d8c786b6dc

SHA1
3a6fd67eb88457ec45620cb78c24e478901ebf91

SHA256
8114909093671e185a561a0297acbbf3af1909ea6c5da70c2df5e9789a4aecd1

SHA512
bf1129f4acb953c28d42cd45ab5da35a6b60d109375a831f0aa10daee7a335d86e3ac0299221b6257e661ef31a120354f2eef8dd80fd8dc9ded2c26bc6e19da7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
137f2fdbe8a177eeb652e397ddc9d23c

SHA1
c2f55304303ed995892850de43147ea4d7c18b97

SHA256
d32d9d4256cfdf909b68ced866355f66c5f64be621787972577c6b7dd3b657ec

SHA512
520c699de9f3a1b40a01fb6f9a68f50127e72c78fe60ee25341d11c99099d39c1dee13ee99065c5476b4a43ef60c4f2974e4baa5a49631f215e778c732966456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a6a5fae6a5d6eed78d1b8b268abf986

SHA1
ce6e908b7b2f4046a1bd6792bf83de92eccd18c6

SHA256
9661250c44724751afc6fd8f1373b8b89418628dcffb2aaa4bf7e07544bdc3cb

SHA512
83dd77701e8fbd004ceeed9ef367aa27ced28366d559d14c1776777869384b1d2c635e7130d9ec5d766d7eebaaa518e1a3578fcc93959d8da8c351e47b3f0038

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb016598fd10066e1da24c874acac03a

SHA1
e43fcb627f0afd61d13f8f222490c9a015a2881e

SHA256
c400917ecf4969fbfb01b1bde3b216c3780229bdce050d3cce30e21db8b2a4a0

SHA512
8c10f40366f722e0a7daf8b1597494e570183b4f78039b5b30c1e2f54e98666a573471dd2e9a5de03170280ed1c63092126c18b82466ca2e05cf9870d0fcb3b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2a8b709fbf42e28352309d8ba8b885d

SHA1
4117377a604baa18592d8de977a7addbff95f302

SHA256
dd16fd0d54586a3f5890259b7bc6cb0748f666646c18510336429e1c6b89338f

SHA512
d6c00cb2041f566918257282503bf4a16cfed3df818d9b6a2d0de1102c458fe2dc6972a18287164771fc6b0b5cd09f236d9186746674e8b4bd1ad1fa5611b8f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b6a349f04cc1e6024b764718b354a2d

SHA1
f2be058b0f7b6e12a3346a04da0ccd4671123fba

SHA256
6a817f53292d54a231c0eeddb9e4b404e92acd16319f651ff10de11ac417836e

SHA512
d9cc2bdbd50394e15ad2a19d192b4e0a90a31c1ef536ebfed9a5645fc924e1bf9e0981ac17a54f50b9bc9970ec189427b8035088743947f3eae13c8fbbb33703

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d738fb8fb58e9913b9342a9e67bd27f0

SHA1
da08833a102b58e1dfd025712d0328fbdb0ef312

SHA256
d21c8fd944f7e86b350751fff68132f81b77124a508498ea8b0840b536898673

SHA512
5d7e32a4ca59444b8de04900338c11c9a288dcf781c6100a59f56faabb211adea39fa2ddabefee28a36143e12ebbd71c09f5993952f2b1992cd7ffd41265463f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0a085014b3f88b366a13237fa293141

SHA1
dd3497e70f5454417f9cc1b205b5d8726a9dfc02

SHA256
8eab7833934e6eb1fe3f90937a9917fd3698a77b5ec6f6828b361465a10f5063

SHA512
99df8008017c68aedfbbe89798a982f0f49641b6019b05101da76babd67a208c8fe56ccc4dabd89ead6c4c2d2b139e79e84ce1ab48b9e70bea711cf1f487b73a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97edd059101bdf24b6139c9176da63ee

SHA1
39b6d9839511aefc5ddd316af65b27e0b7346619

SHA256
dbc5a30789d76b6bba90aee520a9d04321ed085ccfeedfc46fc7dc65b0488f8b

SHA512
01631a3d5bc2ec2986a3477344bdea5870225e39f0c83cd3a87ae4804f7eba5dfa3f412566592e0ab749e3e07f16a307fb3604fa462be0bba3b5fc63b5b91ed7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f24fbb8085092350191f298082e0fee

SHA1
c17aefb05316c26b345dbd253e09761410874196

SHA256
cd6a408542496c466abe8eba7bea453b627a946d2ae10b8e172226f7e8ddf78b

SHA512
c684815304721810af3cabdb47eb60f7d5147acb2b12ef916f87da817f7262691040bb97b936f1357af1f82421c88c68c284bfbea59fd83c49065d3963d21f04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22bdd300bf0cecadb9c15da14154167a

SHA1
e35137c02d78f10d1edab7594ec3af3620a9bff7

SHA256
1beb630ec4befac55c81976e86836b02a0cab9b8e3c20bde2c894b5c695c5daf

SHA512
1a87f816adcc2040ce5ff553006d7e671f8de8d15da2a7ffc7d4aeb24a87001012958c0ce9410e2bcf1113d6e313b795a9d8aff2a2396b2db44662d737a2f08b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f878194e615ce48d6ca1f24756ac9ce

SHA1
e25442a85eccac885b2ecd3b9e40ca498ca0145b

SHA256
b961fab21aad03b216ecaaf6954a1ce4025eb0a8e7e7814b28a23310c20e0171

SHA512
b0f6ae1deda955d29b3a8d4503c9fa46fbf496e3f05a4625c869950fe0efc0be3b3c870cf6eec5531a9693c60ef8e371bdf8286a46b13ca5f42f85c7be5a8be1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46bc3dd4378fb1f0a369df0cd2cdbcda

SHA1
19b7fbd7e271a87879e30769de42c5d69c1bca61

SHA256
8a4a6ccbe6c6383568cd02605cc716c4c8d81512e20a8119f856facc9bbbccc4

SHA512
ba55596d758fee1320103559b40a082dce3cab196d402697d8956b0c0358de68008507159f7c5b62cb565b63d91ad94ba34ed497125c0a4edc1fc40cf5262cfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6b61b1ff9c2eec91d3f8a549afcda7e

SHA1
b0b38bc5c17d9d3424c117fd1c89e2eb457afd56

SHA256
d0d52940fd9ea4196e52b9966020228b2bc494565e2018a591b690434639df91

SHA512
4ca894015ef46df15dbac4e80fb5efc5ecf2c9bcee1d45a9a8fd3c5361d88ce72fee242014d6bcb06490452c571fce69fd8cf31e5969e4f1fd3bea2ab541470b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fbad760f94cfb1fae7dcb456aba393a

SHA1
2edb435b10ed13bee89ee931b3938d9299fcb860

SHA256
002d7899e372c1d931eccff8066c933539ce14c2574da134b6b119f1afa9d444

SHA512
f4e1dbdf6876dee0bd2a8b9e52735612919311dd8fa36da0426e24dd95c00fb50ec520e486e15fb3844345593fd6c5d85d3f92701b3edfd2ec8530e53f1c68a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6396e1d7d7b6908839d697877941d732

SHA1
95135a107053f7fc7189cbf1ea5ce4ad5dff95ef

SHA256
bd7177124ff6011ddf3a545416ac8b9f0188b3cc4c719eb5d2c2e82ffea663d2

SHA512
86ea5a96c64314ab24c7aa468273d7b448c8147c7319bbcc6dce8e283034e56635d9131a0308344590a9f118d160b2214c143de7182fda218b82ac44d2bf36ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8501d89e2e2db2258c0d3e6e4d6649f

SHA1
12f0850f582d4eab3fa0957c122ef7f37b0a69d5

SHA256
48d697224ba444a0e0e07cdd00a96497cc73868ed4c050f8374eacceea465bee

SHA512
67d7ab40571a70b144a3afd872eccbc9d2beb1d42d06e7b19b35b786f3b29e4b8502ad5ca128e312c2a4dfcc8140bd1d67bd82fe58368ee9c116b340ca681d8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d59ea2bcf266713aedd19345049c16c

SHA1
20f139e67ef91eb561c56c3d23f194e8152e1def

SHA256
7bbabd1a19ef892d51675a6b00ab26ac1eeec865aa8859e79af3a47ae143b518

SHA512
692972883ba5e529e59a63d00e2b46f6b8e8f6e26f213ebb3df7f5f34ab1bbfee09eaacdd8bb80f1e34fbb537c8d18704235d2edb66fd0604491d27f238e0728

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7551302bef31cd5b59c5c328cbdf7bb6

SHA1
86fa61da026ee9011a35df20a6f574d1b922bdd5

SHA256
da2a0537faa3160dd4e7b5cb3f91e1c43f28c4504bd30b67d329aee6342d08a1

SHA512
c445f1a0121ab6a82d0aeaab847373351fcf4757bc2313a97ca7587e41336798de563020db5faac49fed21a582e4286c36442455dd8e4a168a71b06bc0bcf150

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
101e07e70c58cd99194e466758c77cd6

SHA1
05d038a521edb381bd72640804b79fbec467314e

SHA256
0501a9f98fed5ad28d9a35034e2858b432e03621b2439450239941d5405351fe

SHA512
8bf7c0b63e323eec3695307e8057f809d0ad13f49af0d7e8ba999bba72818eed3cc3b59f556f846e1eed80bedc3bf25c4664e32844399e71964ee0526729ae53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15e8d83a66a21dc175a70e6be0d8fe29

SHA1
3ae22a387cc9d419570d630a9d8359e9c0e40d83

SHA256
c797eca6e956cf6ae376285f1d54ac7eef91dff0f7eced0a6f9c8fed00c40e0c

SHA512
7ec06376708e510f7afcb35dae133530f37531b5038eb0f1cb21436013862af6abdb717d4b04591ed74e90f2b1a28fd6e7b99f6e25a68c3dad5a6bd03a062fce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
e3500d334b9157557ce4e5f5bb29783f

SHA1
e8c17b00c6c66b4a54afb4dfb3f1543d18e0280a

SHA256
92d5eeaea6721a09a9e6e39d27c650485c306b3ee52c44cf722521c9c5a879dd

SHA512
c60b7817e34bc311fac4d68da237ab55ec67c35f451d1e273204399b93935fc38f64ec51a77a915b1f2bd1abeeb8ef234ca6f84eb81767482812dab42dd8982a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42

Filesize
402B

MD5
8398d64ba591bb8577ac7e24dc0e8f5e

SHA1
76d0c4e8e5c1d187b0611614608c0bb89861b1e8

SHA256
10a2808b7f1d9018fd69ee2e05ad9842032757450c972dfc4f554296ace7d7df

SHA512
26929acf068a26e825b64ac2a5529856f79f98e68e3fb0284d83d830f39d061efe5e8012a40ac95c8c7438ea23ff0535636b51d11daa5444a855cc404a52e42e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4CKGRMD2\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4CKGRMD2\www.youtube[1].xml

Filesize
229B

MD5
f7b89fcf58a8bc79cac30b0f2ae56fda

SHA1
a1b0f9ec6b9dccbd764bd803f792bcb9808a5331

SHA256
5fea06ab8ba83a562589f53cac12615a9e64158f01fd0572c19737f04a134be5

SHA512
7866b99c797a5392ed9bb6bc3e1d69e2a86cab8f00698df7b391d17c965002331919194040dee9f2b8c94edafbc7a11675f4103098dd2f9ad543271f3adc52ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4CKGRMD2\www.youtube[1].xml

Filesize
641B

MD5
7378100f4fcc8021194b0ca8854ae3fc

SHA1
adcf962f392022de4fefc6f4000aed7795a416dd

SHA256
786c7cc0727ad7162683190bcbe727ebde46ad16f8eecc1dc39ad9c14971deaa

SHA512
7b85695f91ff4e49e0c9f32a3d707239532a292437c4be3dcf3f04997e7b5f8409786bb3987c49c914064b6a59e46e20804ded250fe10e8cab3576191e449954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4CKGRMD2\www.youtube[1].xml

Filesize
17KB

MD5
21cbc0d18c2668ac0b9f4d5d6f581bb7

SHA1
64ab24b22550f0bc5a9eda99d8b28ca73a462082

SHA256
c5bc0b4e59f59bbadb1e6049949bd0e4cbc06f8e130393898f5b1921151ec236

SHA512
3351b1b7535bb323280e868d6e9a932cb60f091fda5c28add6ed931cd2212a6f29429b655553c586217d2579c91257854a0b4cba1659ed288c637cca530a77e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4CKGRMD2\www.youtube[1].xml

Filesize
990B

MD5
cc7c7434c366f590ce9dbb3230a4e207

SHA1
c01b80ba860c3d91f47b5c8c7605836a26b4e6da

SHA256
fd37d921d6c2b6d879c770b0efe69f64fb7c53d0e4cd5e94b3971aa5a482e66f

SHA512
8bbd3be53916bd9b4e1819c52f237e1adf210d62746f055d1c3101c080dfe8a9424ab861000ccf19ea30bd0a4689e350811612acf097c54aedf4a968962e31eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4CKGRMD2\www.youtube[1].xml

Filesize
990B

MD5
20425f92fc5b07d96367e8b09873e192

SHA1
a45aa0b359dc93a54b55b761c89147b9d4bff822

SHA256
c4666882231c849da0386b8e7cf5ad42e97408db19cdebec65074d254ae3940b

SHA512
cb4ccecd9a818763190ead6c75e6ebd499db3c32f1d9c30ab8f59c6711e41c4aead63ebb98f9cdb95d988d23588eae9b7d919c64d3ed80366b7976b29d71ff77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4CKGRMD2\www.youtube[1].xml

Filesize
990B

MD5
d235be3b1bd0214547a13cab38f41329

SHA1
b62bb7ee600b7d5c68483e65ce2567f7966f14be

SHA256
79e02710fe52800abe5812f6386295db62111e6fcb65f5c0b9baaad63ae32d5b

SHA512
c2243c4e54c407b690686cd0bed2a8a499a42764e62b5a3ea2c7386a6d5a1b7467a450386ec2388025a1d8f235bed3bb6567244c174157f627012d5dfb5af939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\plusone[1].js

Filesize
54KB

MD5
53e032294d7b74dc7c3e47b03a045d1a

SHA1
f462da8a8f40b78d570a665668ba8d1a834960c2

SHA256
8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2

SHA512
fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\3604799710-postmessagerelay[1].js

Filesize
11KB

MD5
40aaadf2a7451d276b940cddefb2d0ed

SHA1
b2fc8129a4f5e5a0c8cb631218f40a4230444d9e

SHA256
4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2

SHA512
6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\rpc_shindig_random[1].js

Filesize
14KB

MD5
6a90a8e611705b6e5953757cc549ce8c

SHA1
3e7416db7afe4cfdf3980daba308df560b4bede6

SHA256
51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679

SHA512
583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\cb=gapi[1].js

Filesize
134KB

MD5
f9255a0dec7524a9a3e867a9f878a68b

SHA1
813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b

SHA256
d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d

SHA512
d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab20BC.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar218E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit