Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 01:56

General

  • Target

    a7a4dd752c0ac8f8d0b49b8634c398f1_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    a7a4dd752c0ac8f8d0b49b8634c398f1

  • SHA1

    79a5adc0e07c34948de55906e1f12a3651c0b3ae

  • SHA256

    3e4c6facfeb6f508fe20d8a618fceebadb554acf7f8129bcb268a396494148dc

  • SHA512

    3fdedfa33e0e52595a921590a7b05ce5a1f1e3a91e49de82626564700ccbd9080290ae4637b0a5fbc11193f44e0223829e61c7b7296bf2b57bd7ffcc83acc4fc

  • SSDEEP

    12288:nsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQS8:sV4W8hqBYgnBLfVqx1Wjk/8

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7a4dd752c0ac8f8d0b49b8634c398f1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a7a4dd752c0ac8f8d0b49b8634c398f1_JaffaCakes118.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchffr.com/?source=bing-bb8&uid=5f834383-dcdd-447a-9e10-fc0f0221636c&uc=20180117&ap=appfocus63&i_id=recipes__1.30
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2496
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\a7a4dd752c0ac8f8d0b49b8634c398f1_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\a7a4dd752c0ac8f8d0b49b8634c398f1_JaffaCakes118.exe" EXIT
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1392
      • C:\Windows\SysWOW64\PING.EXE
        PING 1.1.1.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:2760

Network

MITRE ATT&CK Enterprise v15

Downloads
