Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 01:33

General

  • Target

    a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    a36094da73cf37782d4f19c1b2683ca7

  • SHA1

    2502beef78f24a4d20056874bf39d8818670b76e

  • SHA256

    70ee2cd0aacfdefa5ec983e00e24db29188e14425e76b52ce653fce463f5db7c

  • SHA512

    019870765d060cd4c9890c7c2d9359defb8fbb837631bb8440330bbec484c9a4056a1f4eb8ac817e55eac99185b84542ebae0536e04c96e39917b3e1bf6d6faf

  • SSDEEP

    12288:fsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQaW:kV4W8hqBYgnBLfVqx1WjknW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchffr.com/?source=bing-bb8&uid=53416835-1e0c-47af-8148-fa75307a5b41&uc=20180121&ap=appfocus63&i_id=recipes__1.30
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2652
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe" EXIT
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1604
      • C:\Windows\SysWOW64\PING.EXE
        PING 1.1.1.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:868

Network

MITRE ATT&CK Enterprise v15

Downloads
